The  Pennsylvania  Department  of  Transportation  offers  the  following  comments  in  reference  to 
TSA’s  request  for  comment  for  “Intent  To  Request  Approval  From  OMB  of  One  New  Public 
Collection  of  Information:  Certification  of  Identity  Form  (TSA  Form  415).” 


1)  TSA  indicates  that  Form  415  will  be  updated  so  that  “it  is  generally  only  available  to 
travelers  who  certify  that  they:  reside  in  or  have  been  issued  a  driver's  license  or  state 
identification  card  by  a  state  that  is  compliant  with  the  Real  ID  Act  or  a  state  that  has 
been  granted  an  extension  by  DHS;  or  have  been  issued  another  verifying  identity 
document  that  TSA  accepts.”  The  Pennsylvania  Department  of  Transportation  believes 
there  would  be  inequitable  treatment  among  the  residents  of  states  that  issue  REAL  ID 
compliant  products  and  those  states  that  do  not.  Even  though  an  individual  may  reside  in 
a  state  that  issues  REAL-ID  compliant  products,  that  state  may  have  an  opt-in  process. 
As  a  result,  the  person  may  hold  a  non-compliant  product  from  a  compliant  state  and 
may  be  able  to  use  the  TSA  form;  however,  a  resident  from  a  non-compliant  state  who 
holds  a  similar  non-compliant  product  cannot  use  the  TSA  Form  415. 

From  a  legal  point  of  view,  there  does  not  appear  to  be  any  rational  distinction  between 
a  resident  of  a  state  who  has  been  issued  a  Real  ID  non-compliant  product  and  a 
resident  of  a  state  that  does  not  issue  Real  ID-compliant  products  at  all.  As  such,  TSA's 
proposal  would  appear  to  deny  equal  protection  to  similarly  situated  residents  in  different 
states.  The  department  asks  TSA  to  reconsider  its  policies  and  procedures  related  to 
TSA  Form  415  to  ensure  equitable  treatment. 

Additionally,  clarification  is  being  sought  regarding  the  statement  that  the  form  will  be 
“...generally  only  available  to  travelers  who  certify  that  they:  reside  in  or  have  been 
issued  a  driver's  license  or  state  identification  card  by  a  state  that  is  compliant  with  the 
Real  ID  Act  or  a  state  that  has  been  granted  an  extension  by  DHS;  or  have  been  issued 
another  verifying  identity  document  that  TSA  accepts..."  The  term  “generally”  seems  to 
indicate  that  there  would  be  some  exceptions  where  the  form  would  be  used.  Can  TSA 
clarify  when  the  form  may  be  used  by  residents  of  non-compliant  states  who  have  not 
been  issued  another  acceptable  form  of  ID  from  the  TSA  list  of  acceptable  identity 
documents? 

2)  The  link  contained  at  the  end  of  the  first  paragraph  under  the  heading  “Information 

Collection  Requirement”  to  access  the  list  of  acceptable  verifying  documents  appears  to 
be  invalid.  After  clicking  the  link,  the  user  is  taken  to  a  TSA  webpage  that  indicates 
“Page  Not  Found.”  We 

believe"https://www.tsa.qov/sites/default/files/resources/realid  factsheet.pdf’  to  be  the 
correct  link. 


Please  contact  me  if  you  have  any  questions. 


Thanks, 

Kara  N.  Templeton  |  Director 

PA  Department  of  Transportation  |  Bureau  of  Driver  Licensing 
Riverfront  Office  Center,  4th  Floor  |  1101  South  Front  Street  |  Harrisburg,  PA  17104 
Phone: 
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United  States  Department  of  Homeland  Security 
Transportation  Security  Administration 
[Docket  No.  DHS-20 16-26958] 

Intent  To  Request  Approval  From  OMB  of  One  New  Public  Collection  of  Information: 
Certification  of  Identity  Form  (TSA  Form  415) 

Keeping  IDentities  Safe  (KIDS)  submits  the  following  comments  in  response  to  the 
Transportation  Security  Administration’s  new  Information  Collection  Request  (ICR). 

Background 

Keeping  IDentities  Safe  is  a  501(c)(3),  non-partisan,  not  for  profit,  crime  prevention,  educational 
charity  based  in  Washington,  D.C.  Its  central  purpose  is  to  raise  awareness  that  weak  state 
systems  for  issuing  driver's  licenses  and  IDs  increase  the  risk  from  terrorists  and  criminals  who 
can  fraudulently  assume  new  identities  to  escape  detection  by  law  enforcement.  Keeping 
IDentities  Safe  also  educates  and  encourages  parents  to  secure  their  children's  identities,  as  well 
as  provides  information  on  the  risks  under  age  persons  incur  when  using  a  counterfeit  or 
fraudulently  obtained  ID. 

Keeping  IDentities  Safe  supports  continued  enforcement  and  implementation  the  federal  REAL 
ID  Act  rules,  and  enforcement  of  the  act  by  the  federal  government.  The  REAL  ID  Act  prohibits 
federal  agencies  from  accepting  driver’s  licenses  and  state  issued  identification  cards  that  do  not 
meet  certain  standards.  The  REAL  ID  standards,  published  in  2008,  reduce  the  risk  of  identity 
theft  and  fraud  through  the  adoption  of  best  practices. 

Confirming  the  identity  of  travelers  prior  to  boarding  an  aircraft  is  a  vital  component  of  aviation 
security.  As  the  9/1 1  Commission  stated,  “At  many  entry  points  to  vulnerable  facilities, 
including  gates  of  boarding  aircraft,  sources  of  identification  are  the  last  opportunity  to  ensure 
that  people  are  who  they  say  they  are  and  to  check  whether  they  are  terrorists.”1  The  9/1 1 
Commission  Report  recommended  that  the  federal  government  set  standards  for  driver’s 
licenses.  50  states,  five  territories,  and  the  District  of  Columbia  each  issue  driver's  licenses  each 
under  different  authorities  and  processes,  largely  independent  of  each  other.  Prior  to  passage  of 
the  REAL  ID  Act,  the  federal  government  exercised  minimal  regulation  regarding  the  issuance 


National  Commission  on  Terrorist  Attacks  upon  the  United  States.,  Kean,  T.  H.,  &  Hamilton,  L.  (2004).  The  9/11 
Commission  report:  Final  report  of  the  National  Commission  on  Terrorist  Attacks  upon  the  United  States. 
Washington,  D.C.:  National  Commission  on  Terrorist  Attacks  upon  the  United  States. 
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of  driver's  licenses,  with  the  exception  of  regulations  pertaining  to  HAZMAT  and  Commercial 
Driver’s  Licenses  and  the  Driver’s  Privacy  Protection  Act.  Subsequent  REAL  ID  rules  created 
metrics  for  the  federal  government  to  define  the  components  and  characteristics  pertinent  to  the 
security  of  a  state’s  driver’s  license  and  its  reliability  as  a  proof  of  identity.  These  metrics  and  the 
states’  certification  of  compliance  reports  provide  a  basis  for  the  U.S.  Department  of  Homeland 
Security  to  determine  whether  or  not  it  is  acceptable  for  “official  purposes.”2 
Keeping  IDentities  Safe  endorses  the  Department’s  efforts  to  enforce  the  REAL  ID  Act 
throughout  the  United  States,  and  especially  by  the  Transportation  Security  Agency’s  (TSA) 
review  of  passenger  credentials  at  airports.  Currently,  TSA  treats  every  driver's  license  as  the 
same.  There  is  no  review  of  the  physical  security  features  nor  the  application  and  adjudication 
process  employed  by  the  states  to  issue  driver's  licenses  and  identification  cards. 

REAL  ID  enforcement  will  be  the  first  time  TSA  agents  differentiate  driver's  licenses  to 
segregate  non-compliant  states  from  the  majority  of  compliant  states.  This  notice  suggests  that 
TSA  anticipates  an  alternate  process  for  airline  travelers  who  present  driver’s  licenses  as  proof  of 
identity  that  were  issued  by  states  non-compliant  with  REAL  ID  requirements. 

Many  questions  remain  regarding  how  REAL  ID  will  be  enforced  at  the  airports.  How  will 
travelers  be  notified  at  the  airports  in  advance  of  the  scheduled  January  2018  enforcement?  What 
kind  of  signage  will  precede  enforcement  and  subsequently  be  posted  at  airports? 

Have  notices  been  sent  to  the  airlines  so  they  can  notify  passengers  to  bring  alternate 
identification  if  they  do  not  possess  a  REAL  ID  compliant  driver’s  license  or  ID?  What  kind  of 
additional  personnel  will  be  needed  to  account  for  the  number  of  travelers  who  present 
noncompliant  identification  at  the  airport? 

TSA’s  notice  does  provide  some  insight  into  one  part  of  enforcement:  what  process  would  TSA 
use  to  confirm  the  identity  of  travelers  who  present  driver’s  licenses  from  noncompliant  states. 
According  to  the  notice,  TSA  plans  on  using  knowledge  based  authentication  based  on 
commercial  and  government  databases  to  confirm  the  identity  of  travelers. 

Comments 

Capture  Documentation 

If  documentation  is  presented,  TSA  should  capture  the  documentation  presented  via  electronic 
scan.  Should  a  crime  be  committed,  the  scan  of  the  identification  presented  would  provide  value 
to  an  investigation. 

Verifying  the  validity  of  noncompliant  licenses 

The  REAL  ID  standards  are  intended  to  mitigate  the  risk  that  an  individual  will  present 
fraudulent  identification  to  assume  or  create  a  new  identity.  However,  there  is  some  identity 
management  value  that  can  be  attached  to  a  noncompliant  license.  Statutorily,  it  is  only 


‘  The  REAL  ID  Act  defines  "official  purposes"  as  presenting  state  driver's  licenses  and  identification  cards  for 
boarding  commercially  operated  airline  flights,  entering  federal  buildings  and  nuclear  power  plants. 
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insufficient  for  "official  purposes."  TSA  should  use  the  noncompliant  driver's  license,  in  part,  to 
verify  the  holder's  identity.  There  are  systems  that  allow  for  the  verification  of  a  limited  data  set, 
such  as  full  name,  date  of  birth,  and  most  importantly,  the  document  number  of  the  driver's 
license. 

Knowledge  based  authentication 

The  notice  states  that  TSA  uses  knowledge  based  authentication  to  verify  the  identity  of  a 
traveler  who  cannot  or  will  not  present  sufficient  proof  of  identity  at  the  screening  checkpoint. 
According  to  DRAFT  National  Institute  of  Standards  and  Technology  (NIST)  Special 
Publication  800-63A  Digital  Authentication  Guideline  Enrollment  and  Identity  Proofing,  using 
knowledge  based  authentication  as  the  only  means  of  verifying  an  identity  ranks  as  “adequate.” 
Given  the  continued  risk  to  aviation  security  and  the  growing  availability  of  complete  online 
identity  packages  via  the  Dark  Web  and  Tor  networks,  we  recommend  that  TSA  utilize  a  multi¬ 
factor  method  of  identity  verification.  According  to  the  NIST  standard,  a  “superior”  level  of 
identity  verification  includes  the  use  of  biometrics.  Given  that  the  traveler  would  be  submitting 
only  biographic  information  via  a  form,  TSA  should  phase  in  the  collection  of  physical  data 
including  a  front  facial  image  and  fingerprints.  If  the  passenger  has  been  previously  enrolled  in  a 
federal  program,  biometric  technology  can  seek  to  confirm  the  identity  of  a  traveler.  It  may  also 
be  used  to  compare  that  facial  image  and  fingerprints  against  various  watch  lists  to  check  for 
known  or  suspected  terrorists  as  well  as  for  outstanding  wants  and  warrants. 

The  knowledge  based  authentications  completed  by  TSA’s  Identity  Verification  Call  Center 
should  be  conducted  consistent  with  the  DRAFT  NIST  Special  Publication  800-63 A  Digital 
Authentication  Guideline  Enrollment  and  Identity  Proofing  Requirements.  Section  5.3.2. 
“Knowledge  Based  Verification  Requirements”  includes  minimum  standards  for  the  use  of 
knowledge  based  verification. 

Contact: 

Brian  Zimmer 
President 

Keeping  IDentities  Safe 

1300  Pennsylvania  Ave  NW,  Suite  880 

Washington,  DC  20004 

info@idsecuritynow.org 

(202)312-1540 
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The  REAL  ID  Act  provides  that  "a  Federal  agency  may  not 
accept,  for  any  official  puipose,  a  driver's  license  or 
identification  card  issued  by  a  State  to  any  person  unless  the 
State  is  meeting  the  requirements  of  this  section."  Official 
purpose,  as  described  in  the  description  in  this  notice, 
includes  boarding  commercial  aircraft.  It  is  clear  that  the 
TSA  is  required  to  not  accept  identification  documents  that  do 
not  meet  certain  requirements.  However,  as  is  clear  from  the 
proposal,  passengers  are  allowed  to  board  aircraft  without 
providing  any  documents  at  all.  If  they  comply  with  the  IVCC 
procedure,  their  identities  are  confirmed  without  providing 
documents.  The  proposed  regulation's  requirement  that  the  IVCC 
procedure  can  only  be  used  by  passengers  who  have  been  issued 
(but  do  not  possess)  identity  documents  that  comply  with  REAL 
ID  does  nothing  to  enhance  security  because,  whether  or  not 
they  have  been  issued  a  compliant  identification  card,  their 
identity  has  been  confirmed  by  the  IVCC  procedure  and  there  is 
no  question  as  to  their  identity.  The  fact  that  a  REAL  ID 
compliant  document  exists  but  is  not  present  is  not  required 
by  the  act,  does  not  enhance  security,  interferes  with 
travelers'  constitutional  right  of  travel,  discriminates 
against  travelers  based  on  their  state  of  residence  (if 
certain  states,  through  no  fault  of  the  traveler,  opt  not  to 
comply  with  the  REAL  ID  Act),  and  discriminates  against 
travelers  based  on  a  host  of  other  protected  factors 
(including  race)  since  certain  groups  are  less  likely  to  have 
ever  obtained  identification  documents  even  if  they  live  in 
REAL  ID  states.  While  state  compliance  with  the  REAL  ID  Act  is 
optional,  this  regulation  appears  to  be  designed  to  increase 
political  pressure  from  the  travelling  public  for  states  to 
comply  with  the  act.  The  puipose  of  the  TSA  and  this 
regulation  should  be  to  secure  commercial  aircraft.  This 
regulation  has  provisions  to  accurately  verify  the  identities 
of  passengers  without  the  need  to  coerce  states  to  comply  with 
an  act  that  it  is  their  right  not  to  comply  with.  *© 
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COMMENTS  OF  THE  ELECTRONIC  PRIVACY  INFORMATION  CENTER 

to  the 

TRANSPORTATION  SECURITY  ADMINISTRATION 

Intent  To  Request  Approval  From  OMB  of  One  New  Public  Collection  of  Information: 
Certification  of  Identity  Form  (TSA  Form  415) 

[Docket  No.  2016-26958] 

January  9,  2017 


By  notice  published  November  8,  2016  the  Transportation  Security  Administration 
(“TSA”)  requested  public  comments  regarding  the  agency’s  intent  to  request  approval  from  the 
Office  of  Management  and  Budget  (“OMB")  to  collect  information  for  a  certification  of  identity 
form  individuals  who  do  not  have  a  REAL  ID  that  the  DHS  has  deemed  a  “compliant”  form  of 
identification. 1  Pursuant  to  this  notice,  the  Electronic  Privacy  Information  Center  (“EPIC”) 
recommends  that  the  TSA  not  pursue  the  proposed  information  collection.  Several  states  still 
rightly  oppose  REAL  ID  precisely  because  of  the  massive  cost  and  the  privacy  concerns  arising 
from  the  excessive  collection  of  personal  information  by  the  federal  government.  The  TSA’s 
proposal  fails  to  address  the  underlying  privacy  objections  to  the  REAL  ID. 

EPIC  is  a  public  interest  research  center  in  Washington,  D.C.  EPIC  was  established  in 

'  Intent  To  Request  Approval  From  OMB  of  One  New  Public  Collection  of  Information:  Certification  of 
identity  Form  (TSA  Form  415),  81  Fed.  Reg.  78,623  (Nov.  8,  2016). 


REAL  ID  Act  Identity  Verification  Process 
[FR  Doc.2016-26958] 
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Comments  of  EPIC 
January  9,  2016 


1994  to  focus  public  attention  on  emerging  privacy  and  human  rights  related  issues,  and  to 
protect  privacy,  the  First  Amendment,  and  constitutional  values.  EPIC  has  considerable  expertise 
analyzing  the  privacy  and  security  risks  attendant  to  the  design  and  implementation  of  REAL  ID. 
In  2007,  EPIC  filed  comments  on  behalf  of  leading  experts  in  privacy  and  technology  in 
response  to  the  draft  regulations  for  REAL  ID.2  At  the  time,  we  stated,  “REAL  ID  is 
fundamentally  flawed  because  it  creates  a  national  identification  system.  It  cannot  be  fixed  no 
matter  what  the  implementation  regulations  say.  Therefore,  the  REAL  ID  Act  must  be 
repealed.”3  EPIC  also  highlighted  the  privacy  and  security  risks  of  REAL  ID  as  part  of  the 
“Spotlight  on  Surveillance”  series.4  EPIC  also  testified  before  the  Department  of  Homeland 
Security’s  (“DUS”)  Data  Privacy  and  Integrity  Advisory  Committee  and  explained  that  the 
REAL  ID  draft  regulations  impermissibly  create  a  national  identification  system,  prohibited  by 
the  law  that  established  the  DHS,  and  threaten  national  security  and  individual  privacy.5  In  2008, 
EPIC  published  a  report  detailing  the  significant  costs  of  implementing  REAL  ID.1'  EPIC 
explained  that  “[DHS]  []  believes  that  it  can  sweep  aside  the  fact  that  REAL  ID  is  an  unfunded 
mandate  by  allocating  $360  million  to  the  States  for  REAL  ID  implementation... However,  the 


2  EPIC,  Comments  on  DHS  2006-0030:  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for 
Driver's  Licenses  and  Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes  (May  8, 
2007),  http://www.cpic.org/privacy/id_cards/epic_realid_comments.pdf. 

EPIC  and  24  Experts  in  Privacy  and  Technology,  Comments  on  DHS  2006-0030:  Notice  of  Proposed 
Rulemaking:  Minimum  Standards  for  Driver’s  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes  (May  8,  2007)  [hereinafter  “EPIC  Expert  Comments  on  Draft 
Regulations”],  http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf. 

4  See  EPIC,  Federal  REAL  ID  Proposal  Threatens  Privacy  and  Security  (March  2007), 
http://epic.org/privacy/surveillance/spotlight/0307/.  See  also  Anita  Ramasastry,  Why  the  New  Department 
of  Homeland  Security  REAL  ID  Act  Regulations  are  Unrealistic:  Risks  of  Privacy  and  Security  Violations 
and  Identity  Theft  Remain,  and  Burdens  on  the  States  Are  Too  Severe ,  Findlaw,  Apr.  6,  2007, 
http://writ.news.findlaw.com/ramasastry/20070406.html. 

5  Melissa  Ngo,  EPIC,  Testimony  and  Statement  for  the  Record  at  a  Hearing  Before  the  Data  Privacy  and 
Integrity  Advisory  Comm.,  Dep't  of  Homeland  Sec.  (Mar.  21,  2007), 
http://epic.org/privacy/id_cards/ngo_test_032107.pdf. 

6  See  EPIC,  REAL  ID  Implementation  Review:  Few  Benefits,  Staggering  Costs  (May  2008), 
http://epic.org/privacy/id_cards/epic_realid_0508.pdffhereinafter  “EPIC  2008  Report”]. 


REAL  ID  Act  Identity  Verification  Process 
[FR  Doc.2016-26958] 


2 


Comments  of  EPIC 
January  9,  2016 


number  still  pales  next  to  the  agency’s  ‘reduced’  estimate  of  $9.9  billion.”7  Our  concerns  about 


the  problems  with  REAL  ID  are  widely  shared  by  many  other  organizations.* 

We  have  attached  to  these  comments  both  the  2007  and  the  2008  Comments  on  REAL  ID 
and  ask  they  be  included  in  the  administrative  record. g 

EPIC  remains  concerned  that  the  REAL  ID  Act  creates  a  national  identification  system, 
in  violation  of  the  DHS  Act,  and  poses  significant  privacy  risks  to  millions  of  individuals. 
Furthermore,  TSA’s  proposed  collection  of  information  will  unduly  burden  millions  of  people  in 
several  states  that  have  rightly  chosen  not  to  comply  with  the  REAL  ID  Act. 

I.  History  of  Opposition  to  A  National  Identification  System  &  REAL  ID 

National  identification  cards  have  long  been  used  to  suppress  minorities,  track  dissidents, 
and  extend  state  authority.111 

a.  Historical  Opposition  to  the  Implementation  of  National  Identification  System 
The  United  States  has  always  opposed  the  creation  of  a  national  identification  system. 
When  the  Social  Security  Number  (“SSN”)  was  created  in  1936,  it  was  meant  to  be  used  only  as 
an  account  number  associated  with  the  administration  of  the  Social  Security  system.1 1  Though 
use  of  the  SSN  has  expanded  considerably,  it  is  not  a  universal  identifier  and  efforts  to  make  it 
one  have  been  consistently  rejected.  In  1971,  the  Social  Security  Administration  task  force  on  the 
Social  Security  Number1"  declined  to  transform  the  number  into  an  ID  card.1 '  The  Health, 


7  REAL  ID  Implementation  Review:  Few  benefits.  Staggering  Costs,  EPIC,  May  2008, 
https://epic.org/privacy/id_cards/epic_realid_0508.pdffhereinafter  “EPIC  2008  Report”]. 

*Speak  Out  Against  REAL  ID.  THE  PRIVACY  COALITION, 
https://www.privacycoalition.org/stoprealid/. 

9  See  Appendix  I  and  II. 

111  See  generally,  EPIC,  National  ID  Cards  and  the  REAL  ID  Act,  http://www.epic.org/privacy/id_cards/. 

1 1  Dep’t  of  Health,  Educ.  &  Welfare,  Secretary’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  125-35  (MIT  1973)  [hereinafter  "HEW  Report  on  Data 
Systems”],  http://www.epic.org/privacy/hew  1 973report/. 

12  See  generally,  EPIC,  Social  Security  Numbers,  http://www.epic.org/privacy/ssn/. 
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Education  and  Welfare  Secretary’s  Advisory  Committee  on  Automated  Personal  Data  Systems 

in  1973  again  rejected  the  creation  of  a  national  identifier  and  advocated  the  establishment  of 

significant  safeguards  to  protect  personal  data.  The  committee  said: 

We  recommend  against  the  adoption  of  any  nationwide,  standard,  personal 
identification  format,  with  or  without  the  SSN,  that  would  enhance  the  likelihood 
of  arbitrary  or  uncontrolled  linkage  of  records  about  people,  particularly  between 
government  or  government-supported  automated  personal  data  systems.  What  is 
needed  is  a  halt  to  the  drift  toward  [a  standard  universal  identifier]  and  prompt 
action  to  establish  safeguards  providing  legal  sanctions  against  abuses  of 
automated  personal  data  systems.14 

The  Federal  Advisory  Committee  on  False  Identification  also  advised  against  the  use  of  a 
national  identifier  in  1 976. 1  ^  In  1977,  the  Privacy  Protection  Study  Commission  recommended 
against  the  adoption  of  a  national  ID  system.16  In  its  report.  Personal  Privacy  in  an  Information 
Society,  the  commission  said  that  it: 

sees  a  clear  danger  that  a  government  record  system,  such  as  that  maintained  by 
the  Social  Security  Administration  or  the  Internal  Revenue  Service,  will  become  a 
de facto  central  population  register  unless  prevented  by  conscious  policy 
decisions.  Therefore  [...]  the  Federal  government  should  act  positively  to  halt  the 
incremental  drift  toward  creation  of  a  standard  universal  label  and  central 
population  register  until  laws  and  policies  regarding  the  use  of  records  about 
individuals  are  developed  and  shown  to  be  effective.17 

In  Congressional  testimony  in  1981,  Attorney  General  William  French  Smith  stated  that 
the  Reagan  administration  was  “explicitly  opposed  to  the  creation  of  a  national  identity  card.”18 
The  Clinton  administration  advocated  a  “Health  Security  Card"  in  1993  and  assured  the  public 


3  Soc.  Sec.  Admin.,  Soc.  Sec.  Number  Task  Force,  Report  to  the  Commissioner  (May  1971). 

14  Dep’t  of  Health,  Educ.  &  Welfare,  Secretary’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  125-35  (MIT  1973)  [hereinafter  “HEW  Report  on  Data 
Systems”],  available  at  http://www.epic.org/privacy/hewl973report/. 

15  Dep’t  of  Justice,  Fed.  Advisory  Comm,  on  False  Identification.  The  Criminal  Use  of  False 
Identification  (Nov.  1976). 

’  Privacy  Prot.  Study  Comm’n,  Personal  Privacy  in  an  Information  Society  (July  1977)  available  at 
http://www.epic.org/privacy/ppscl977report/. 

17  Id. 

18  Robert  B.  Cullen,  Administration  Announcing  Plan,  ASSOCIATED  PRESS,  July  30,  1981. 
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that  the  card,  issued  to  every  American,  would  have  “full  protection  for  privacy  and 
confidentiality.”19  Still,  the  idea  was  rejected  and  the  card  never  was  created.  In  1999,  Congress 
repealed  a  controversial  provision  in  the  Illegal  Immigration  Reform  and  Immigrant 
Responsibility  Act  of  1996  that  authorized  the  inclusion  of  SSNs  on  driver’s  licenses.20 
b.  State  Opposition  to  the  Implementation  of  REAL  ID 
The  DHS  has  repeatedly  stated  that  REAL  ID  is  not  mandatory,  however,  REAL  ID  is 
not  a  “voluntary”  program.  In  2007,  EPIC  noted  that  “States  are  under  considerable  pressure  to 
implement  REAL  ID  and  citizens  who  fail  to  carry  the  new  identity  document  will  find  it 
impossible  to  pursue  many  routine  activities.”21  Furthermore,  in  issuing  the  final  REAL  ID  rule 
DHS  noted  that  it  “believes  that  many  States  may  find  noncompliance  an  unattractive  option" 
because  the  States  would  not  be  able  to  "maintain  the  conveniences  enjoyed  by  their  residents 
when  using  their  State-issued  driver’s  licenses  and  non-driver  identity  cards  for  official  purposes, 
particularly  as  it  pertains  to  domestic  air  travel.”2'  Additionally,  shortly  before  the  passage  of  the 
Act  a  DHS  spokesman  stated  that  “[noncompliance  with  REAL  ID]  will  mean  real  consequences 
for  their  citizens...  if  their  leadership  chooses  not  to  comply.”23 


19  Press  Release,  White  House  Office  of  the  Press  Secretary,  The  Health  Security  Act  Of  1993:  Health 
Care  That’s  Always  There  (Sept.  22,  1993)  available  at  http://www.clintonfoundation.org/legacy/092293- 
press-release-on-health-security-plan.htm. 

211  Illegal  Immigration  Reform  and  Immigrant  Responsibility  Act  of  1996,  Pub.  L.  No.  104-208,  Div.  C, 
Title  III,  §  309  (1996),  amended  by  the  Immigration  and  Naturalization  Service  Data  Management 
Improvement  Act  of  2000,  Pub.  L.  No.  106-215,  1 14  Stat.  337  (2000). 

21  EPIC  and  24  Experts  in  Privacy  and  Technology,  Comments  on  DHS  2006-0030:  Notice  of  Proposed 
Ridemaking:  Minimum  Standards  for  Driver’s  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes  (May  8,  2007)  [hereinafter  “EPIC  Expert  Comments  on  Draft 
Regulations”],  available  at  http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf.  See 
Appendix  II.  at  3. 

22  Final  Rule,  Minimum  Standards  for  Driver's  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes ,  73  Fed.  Reg.  5271,  5329  (Jan.  29,  2008)  [hereinafter  "REAL  Final  Rule”], 
available  at  http://edocket.access.gpo.gov/2008/08-I40.htm. 

23  Ryan  Singel,  Montana  Governor  Foments  Real  ID  Rebellion ,  WIRED,  Jan.  18,  2008, 
http://blog.wired.com/27bstroke6/2008/01/montana-govemo.html. 
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At  this  point  in  time,  those  concerns  have  become  a  reality  for  some  states  as  they 

currently  face  two  options  (1)  comply  with  the  REAL  ID  Act  or  (2)  not  comply  and  have  their 

citizens  secure  alternative  forms  of  identification  in  order  to  get  on  a  plane.24  These  two  choices 

only  allow  one  to  come  to  the  conclusion  that  REAL  ID  is  a  mandatory  program  as  those  states 

who  do  not  comply  with  the  DHS  mandate  will  suffer  consequences  that  are  effectively  penalties. 

Following  the  enactment  of  the  REAL  ID  Act,  at  least  20  states  enacted  legislation 

opposing  the  REAL  ID  Act."'  While  some  of  those  states,  under  considerable  pressure  from  the 

federal  government,  have  modified  earlier  legislation,21’  many  still  maintain  opposition  to  REAL 

ID.27  Part  of  the  resistance  to  REAL  ID  from  the  states  is  because  the  costs  of  implementing 

REAL  ID  were,  and  remain,  unfunded  by  the  federal  government  and  place  a  large  burden  on  the 

states.  However,  in  addition  to  concerns  as  to  how  states  are  to  pay  for  implementing  the  Act, 

states  also  have  significant  privacy  concerns  as  does  the  general  public. 

II.  Privacy  Risks  Inherent  in  the  REAL  ID  Act 

a.  The  Department  of  Homeland  Security  is  not  fulfilling  their  responsibility  to 
protect  privacy 

The  DHS  stated  ten  years  ago  that  it  is  constrained  in  its  power  to  protect  the  privacy  of 
individuals  and  their  data  under  the  REAL  ID  Act.  The  agency  claimed  in  the  draft  regulations 
that,  “The  Act  does  not  include  statutory  language  authorizing  DHS  to  prescribe  privacy 

24  Jad  Mouawad,  T.S.A.  Moves  Closer  to  Rejecting  Some  State  Driver’s  Licenses  for  Travel,  NEW  YORK 
TIMES,  Dec.  28,  2015,  http://www.nytimes.com/2015/12/29/business/tsa-moves-closer-to-rejecting- 
some-state-drivers-licenses-for-travel.html. 

25  EPIC  2008  Report  Appendix  1;  State  Legislative  Activity  in  Opposition  to  the  Rea!  ID,  NATIONAL 
CONFERENCE  OF  STATE  LEGISLATURES,  Jan.  2014, 

http://www.ncsl.org/documents/standcomm/sctran/REALIDComplianceReport.pdf. 

26  Garry  Rayno,  NH  Senate  Approves  Bill  Allowing  Real  ID  Compliance ,  NEW  HAMPSHIRE  UNION 
LEADER,  Apr.  14,  2016,  http://www.unionleader.com/NH-Senate-approves-bill-allowing-Real-ID- 
compliance;  Jim  Harper,  Once  Again,  REAL  ID  Is  A  National  ID.  CATO  INSTITUTE,  May  25,  2016, 
https://www.cato.org/blog/yes-real-id-national-id. 

Edward  D.  Murphy,  Without  Change  In  State  Law,  Maine  IDs  Won  't  Get  Mainers  Aboard  Airplanes  in 
2018,  PRESS  HERALD,  Oct.  13,  2016,  http://www.pressherald.com/2016/10/12/homeland-security- 
wont-extend-deadline-for-maine-compliance-with-federal-id-law/. 
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requirements  for  the  state-controlled  databases  or  data  exchange  necessary  to  implement  the 
Act.”2*'  REAL  ID  creates  a  national  identification  system  that  affects  245  million  license  and 
cardholders  nationwide,  yet  today  the  DHS  has  still  failed  to  institute  strong  privacy  safeguards 
in  the  system  itself.29  The  agency  has  the  obligation  to  protect  the  privacy  of  individuals  affected 
by  this  system  and  must  do  more  than  the  feeble  attempts  set  out  in  the  Act. 

The  Privacy  Act  of  1974  applies  to  the  entire  national  identification  system  under 
guidelines  set  out  by  OMB  and  DHS.30  The  OMB  guidelines  explain  that  the  Privacy  Act 
“stipulates  that  systems  of  records  operated  under  contract  or,  in  some  instances,  State  or  local 
governments  operating  under  Federal  mandate  ‘by  or  on  behalf  of  the  agency  ...  to  accomplish 
an  agency  function’  are  subject  to  . . .  the  Act."31  The  guidelines  also  explain  that  “systems 
‘maintained’  by  an  agency  are  not  limited  to  those  operated  by  agency  personnel  on  agency 
premises  but  include  certain  systems  operated  pursuant  to  the  terms  of  a  contract  to  which  the 
agency  is  a  party.’’3-  The  REAL  ID  system  is  operated  under  a  Federal  mandate  to  accomplish 
several  agency  functions,  including  immigration  control. 

Because  the  DHS  has  created  this  system,  the  agency  must  fully  apply  Privacy  Act 
requirements  of  notice,  access,  correction,  and  judicially  enforceable  redress  to  the  entire  REAL 
ID  national  identification  system.  The  REAL  ID  Act  states  that  individuals  should  attempt  to 
exercise  their  rights  to  notice,  access,  correction  and  redress  through  State  DMVs,  the  Social 


2S  Dep’t  of  Homeland  Sec.,  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for  Driver 's  Licenses 
and  Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes ,  72  Fed.  Reg.  1 0,8 1 9, 
10,825  (Mar.  9,  2007)  [hereinafter  “REAL  ID  Draft  Regulations”], 
http://edocket.access.gpo.gov/2007/07-1009.htm 

29EMERCjENCY  SUPPLEMENTAL  APPROPRIATIONS  ACT  FOR  DEFENSE,  THE  GLOBAL  WAR 
ON  TERROR,  AND  TSUNAMI  RELIEF,  2005,  109  P.L.  13,  1 19  Stat.  231,  109  P.L.  13,  2005  Enacted 
H.R.  1268,  109  Enacted  H.R.  1268;  6  C.F.R.  37.1  et.  seq. 

30  EPIC  Expert  Comments  on  Draft  Regulations,  6-12. 

31  Office  of  Mgmt.  &  Budget,  Privacy  Act  Implementation:  Guidelines  and  Responsibilities,  40  Fed.  Reg. 
28,948,  28,951  (July  9,  1975),  http://www.whitehouse.gov/omb/inforeg/implementation_guidelines.pdf. 

32  Id. 
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Security  Administration,  the  Department  of  State,  and  the  U.S.  Citizenship  and  Immigration 
Service  (a  part  of  the  Department  of  Homeland  Security).3  ' 

In  enacting  REAL  ID,  DHS  has  punted  the  issue  of  privacy  to  the  States,  but  the  agency 
needs  to  lead.  Various  questions  remain,  including  important  ones  concerning  redress.  The  right 
of  redress  must  be  judicially  enforceable.  The  Privacy  Act  protections  must  be  mandated  in  the 
REAL  ID  regulations  in  order  for  DHS  to  fulfill  its  obligations, 
b.  Privacy  Risks  of  REAL  ID 

There  are  significant  threats  to  individual  privacy  and  security  that  would  be  created  by 
unfettered  access  to  REAL  ID  national  identification  system  data.'”4  Some  of  these  problems  arc 
based  on  the  design  of  the  card,  the  information  required  to  be  stored  on  the  cards,  and  the 
safeguards  for  the  underlying  databases. 

Under  REAL  ID,  a  substantial  amount  of  personal  information  must  be  included  on  the 
card.  This  includes  a  full  legal  name,  digital  photograph,  and  signature  that  can  be  read  by 
common  machine  readable  technology  and  the  information  included  on  the  card  is  not  required 
to  be  encrypted.  Prior  to  enactment,  the  DHS  Privacy  Office  supported  encryption  “because  2D 
bar  code  readers  are  extremely  common,  the  data  could  be  captured  from  the  driver’s  licenses 
and  identification  cards  and  accessed  by  unauthorized  third  parties  by  simply  reading  the  2D  bar 
code  on  the  credential”  if  the  data  is  left  unencrypted.  ’’  There  are  many  examples  of 
unauthorized  users  being  able  to  download  data  from  unencrypted  machine-readable 
technology.3*’ To  protect  privacy  and  improve  security,  this  machine-readable  technology  must 

33  REAL  Final  Rule  at  5284-5284,  supra  note  20. 

34  EPIC  Expert  Comments  on  Draft  Regulations  at  17-28,  supra  note  26. 

35  Dep’t  of  Homeland  Sec.  Privacy  Office,  Privacy  Impact  Assessment  for  the  REAL  ID  Act  1 6  (Mar.  1 , 
2007),  http://www.epic.org/privacy/id_cards/pia_030 1 07.pdf. 

36  EPIC  Expert  Comments  on  Draft  Regulations  at  21-23. 
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either  include  encryption  or  access  must  be  limited  in  some  other  form.  Without  required 
encryption,  REAL  ID  leaves  245  million  individuals  at  risk  for  individual  tracking.37 

DHS  rejected  encryption  in  the  final  rule  because  of  “the  complexities  and  costs  of 
implementing  an  encryption  infrastructure. ’oS  DHS  is  required  to  include  security  protections  on 
the  REAL  ID  card.  Under  the  REAL  ID  Act,  the  card  must  include  “Physical  security  features 
designed  to  prevent  tampering,  counterfeiting,  or  duplication  of  the  document  for  any  fraudulent 
purpose.”3  ’ The  agency  has  this  obligation  and  it  should  not  abdicate  this  responsibility.  If  DHS 
does  not  seek  to  limit  access  to  the  data  on  the  REAL  ID  card,  then  it  is  signaling  that  it  is 
acceptable  for  third  parties  to  download,  access  and  store  data  for  purposes  beyond  the  three 
official  purposes. 

Rejecting  encryption  for  the  2D  barcode  helps  to  push  the  REAL  ID  system  into 
“widespread”  use  in  everyday  life,  a  goal  that  former  DHS  Secretary  Chertoff  and  the  DHS  final 
rule  itself  expect  and  support.  Such  an  expansion  would  harm  both  individual  privacy  and 
security  and  quickly  turn  the  United  States  into  a  country  where  the  REAL  ID  national 
identification  card  is  involuntarily  carried  by  everyone. 

Furthermore,  the  amount  of  information  contained  on  the  REAL  ID  cards  increases  risks 
if  the  card  is  compromised.  There  are  a  number  of  “insider”  and  “outsider”  threats  to  the  massive 
identification  database  connecting  56  States  and  territories.  Creating  a  national  identification 
database  containing  personal  data  of  245  million  State  license  and  ID  cardholders  nationwide, 
one  that  would  be  accessible  from  a  massive  number  of  DMVs  across  the  country,  is  an 
invitation  for  all  criminals  -  whether  identity  thieves  or  terrorists  -  to  break  into  just  one  of  these 
entrance  points  to  gather  such  data  for  misuse. 

'  EPIC  Expert  Comments  on  Draft  Regulations  at  17-18. 

38  REAL  Final  Rule  at  5292. 

39  REAL  ID  Act  at  §202(b)(8). 
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Such  a  system  would  also  be  at  risk  of  abuse  from  authorized  users,  such  as  DMV 
employees,  who  are  bribed  or  threatened  into  changing  the  system  data  or  issuing  “authentic” 
national  identification  cards.  It  is  appropriate  to  note  here  that,  on  the  day  that  DHS  released  the 
final  regulations  for  REAL  ID,  “A  Maryland  Motor  Vehicle  Administration  employee  [...]  and 
four  others  were  indicted  [  ]  on  charges  that  they  made  and  sold  fake  State  driver’s  licenses  and 
identification  cards  in  exchange  for  money.”40 

Identity  theft  continues  to  be  one  of  the  leading  concerns  for  consumers.41  The  FTC 
found  that  in  2015,  the  last  year  for  which  information  is  currently  available,  the  number  of 
identity  theft  claims  they  received  increased  by  more  than  47%  than  identity  theft  incidents 
reported  in  20 14.42  Furthermore,  identity  theft  has  been  one  of  the  top  consumer  issues  for  the 
past  fifteen  years.43 

Large-scale  data  breaches  have  occurred  in  State  DM  Vs  across  the  country;  if  the 
databases  are  linked  under  REAL  ID,  these  breaches  will  only  grow  in  scale.  The  Oregon  DMV 
lost  half  a  million  records  in  2005.44  Also  that  year,  in  Georgia,  a  dishonest  insider  exposed 
465,000  records.4'  In  201 1  a  North  Carolina  DMV  worker  was  charged  with  five  counts  of 
identity  theft  after  she  used  DMV  computers  to  obtain  information  to  take  out  payday  loans  in 
other  people’s  names  46  In  2014,  the  California  DMV  suffered  a  data  breach  where  credit  card 


411  Five  indicted  in  identity  theft  scheme ,  BALTIMORE  SUN.  Jan.  1 1, 2008. 

41  FTC  Releases  Annual  Summary  of  Consumer  Complaints ,  FEDERAL  TRADE  COMMISSION,  Mar.  1 , 
2016,  https://www.ftc.gov/news-events/press-releases/2016/03/ftc-releases-annual-summary-consumer- 
complaints. 

42  Id. 

"Id. 

44  Privacy  Rights  Clearinghouse,  A  Chronology  of  Data  Breaches, 
http://www.privacyrights.org/ar/ChronDataBreaches.htm. 

"Id. 

46  Sloane  Heffeman,  Charge:  Worker  Used  DMV  Computers  for  ID  Theft.  WRAL,  Oct.  17,  201 1, 
http://www.wral.com/news/local/story/10268291/. 
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information  was  compromised  via  their  online  payment  system.4  In  2015,  an  Oregon  man  was 


able  to  download  a  list  that  contained  a  DMV  list  of  identification  numbers  as  well  as  federal 
income  tax  forms  and  was  charged  with  26  counts  of  aggravated  identity  theft.48  The  list  goes  on, 
and  the  personal  information  of  individuals  will  be  endangered  under  the  REAL  ID  national 
identification  system. 

Domestic  violence  survivors  are  particularly  vulnerable  to  compromised  data.  Domestic 
violence  survivors  who  flee  their  abusers,  crossing  into  different  States,  would  be  exposed  if 
their  abuser  breaches  the  security  of  any  one  of  these  56  interconnected  databases.  “An  abuser 
with  an  associate  inside  a  State  DMV,  law  enforcement,  or  other  agency  with  access  to  the  State 
records  would  be  able  to  track  a  victim  as  the  victim  moves  across  the  country.”49 

The  danger  of  negligent  and  accidental  disclosures  is  increased  by  REAL  ID,  as 
substantially  more  government  employees  will  have  access  to  all  motor  vehicle  records 
nationwide.  This  sort  of  inadvertence  will  happen  much  more  frequently  in  a  post-REAL  ID 
world  as  the  access  to  driver’s  license  information  is  spread  throughout  the  national 
identification  system. 


47  Sources:  Credit  Card  breach  at  California  DMV,  KREBS  ON  SECURITY,  Mar.  22,  2014, 
https://krebsonsecurity.com/2014/03/sources-credit-card-breach-at-califomia-dmv/. 

48  Brent  Wclsbcrg,  Convicted  ID  Thief  Found  With  How  To '  Guide,  DMV  Database,  KOIN6, 
http://koin.com/2015/02/12/convicted-id-thief-found-with-how-to-guide-dmv-database/. 

49  EPIC  Expert  Comments  on  Draft  Regulations  at  50,  supra  note  26. 
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c.  Increased  Risks  Associated  with  Hacking 


In  light  of  recent  events  there  is  even  more  reason  to  be  concerned  about  the  likelihood 
and  effects  of  a  data  breach  occurring  of  state  DMV  records.  The  federal  government  has  been 
subject  to  a  number  of  hacks  in  recent  years  which  have  been  incredibly  concerning  to  those 
affected  by  those  hacks  and  the  public  at  large.  The  lack  of  security  features  remain  and  show  the 
risk  of  those  states  that  chose  to  adopt  the  REAL  ID  requirements. 

Recently,  government  data  breaches  have  been  numerous  and  severe  and  have  raised 
concerns  surrounding  the  safety  of  data  in  the  United  States.  In  the  past  three  years,  data 
breaches  have  affected  the  Office  of  Personnel  Management,50  Internal  Revenue  Service,51 
Federal  Bureau  of  Investigation,  and  the  DHS.':  Overall,  the  number  of  government  data 
breaches  has  exploded  in  the  last  decade,  rising  from  5,503  in  2006  to  67,168  in  2014.53 

These  reports  of  hacking  and  data  breaches  are  likely  to  be  of  further  concern  to  state 
officials  who  are  implementing,  or  are  skeptical  of,  REAL  ID  in  light  of  recent  revelations  of  the 
U.S.  Intelligence  Community.  The  intelligence  community  currently  has  information  showing 
that  a  foreign  government  was  responsible  for  hacks  of  the  Democratic  National  Committee  as 
well  as  the  hacking  of  John  Podesta’s  email.54  While  the  full  nature  and  reasons  behind  the  2016 


511  Dan  Goodin,  Call  it  a  “ Data  Rupture”:  Hack  Hitting  OPM Affects  21.5  Million,  ArsTECHNICA  (July  9, 
2015),  http://arstechnica.com/security/20 1 5/07/call-it-a-data-rupture-hack-hitting-opm-affects-2 1  -5- 
million/. 

51  Dan  Goodin,  Call  it  a  “Data  Rupture":  Hack  Hitting  OPM  Affects  21.5  Million ,  ARSTECHNICA  (July  9, 
20 1 5),  http://arstechnica.com/security/20 1 5/07/call-it-a-data-rupture-hack-hitting-opm-affects-2 1  -5- 
million/. 

52  Alexandra  Burlacu,  Teen  Arrested  Over  DHS  and  FBI  Data  Hack,  TECH  TIMES  (Feb.  1 3,  20 1 6), 
http://www.techtimes.com/articles/133501/20160213/teen-arrested-over-dhs-and-fbi-data-hack.htm. 

53  U.S.  Gov’t  Accountability  Office,  Federal  Agencies  Need  to  Better  Protect  Sensitive  Data  4  (Nov.  17, 
2015),  http://www.gao.gov/assets/680/673678.pdf. 

54  Background  to  "Assessing  Russian  Activities  and  Intentions  in  Recent  US  Elections  ”:  The  Analytic 
Process  and  Cyber  Incident  Attribution,  DIRECTOR  OF  NATIONAL  INTELLIGENCE,  Jan.  6,  2017, 
https://www.dni.gov/files/documents/ICA_2017_01.pdf.  See  also  David  Sanger  &  Charlie  Savage,  U.S. 
Says  Russia  Directed  Hacks  to  Influence  Elections,  NEW  YORK  TIMES,  Oct.  7,  2016, 
http://www.nytimes.com/2016/10/08/us/politics/us-formally-accuses-russia-of-stealing-dnc-emails.html. 
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US  Presidential  Election  hacks  are  still  being  investigated  and  debated,  the  event  should  give 
pause  to  any  state  official  that  is  considering  fully  complying  with  the  REAL  ID  Act.  It  is  clear 
that  large  databases  of  personal  information  are  attractive  targets  for  the  purposes  of  identity 
theft,  blackmail,  or  in  some  cases  simply  for  the  challenge  of  hacking  into  a  government 
database. 

III.  Undue  Burden  on  States  Who  Continue  to  Oppose  REAL  ID 

The  REAL  ID  Act  is  an  unfunded  mandate  that  burdens  states  with  numerous 
unnecessarily  requirements."  Several  states  continue  to  fight  the  implementation  of  REAL  ID.56 
As  such,  the  TSA  has  stated  that  individuals  with  drivers  licenses  and  identification  cards  from 
states  the  DHS  deems  “non-compliant”  will  need  alternative  forms  of  identification  in  order  to 
board  airplanes.57  Consequently,  individuals  in  states  that  oppose  REAL  ID  are  far  more  likely  to 
be  inconvenienced  at  the  airport  under  the  proposed  new  form  of  infonnation  collection. 

In  addition  to  the  eight  states  that  opposed  REAL  ID,  there  are  several  other  whose 
citizens  may  also  be  subjected  to  the  agency’s  data  collection  requirements.  For  example, 


55  See  Emma  Dumain,  Noncompliance  with  REAL  ID  Could  Mean  Real  Trouble  for  S.C.  Travelers,  THE 
POST  AND  COURRIER,  Oct.  30,  2016,  http://www.postandcouricr.com/news/noncompliancc-with-real- 
id-could-mean-rcal-troublc-for-s/article_bf679418-9c7f-l  Ic6-bc47-5fa2c51c2fff.html;  Rachel  E.  Stasscn- 
Berger,  Minnesota  Real  ID  Licenses  Closer  -  But  Still  Far  From  Reality,  TWIN  CITIES  PIONEER 
PRESS,  May  17,  2016,  http://www.twincities.com/2016/05/17/minnesota-rcal-id-licenses-legislature- 
closer-but-still-far-from-reality/;  Dan  Griffin,  REAL  ID  Requirements  Could  Soon  Pose  Problems  for 
Kentucky  Air  Travelers,  WLWT,  Jan.  4,  2017,  http://www.wlwt.com/article/real-id-requirements-could- 
soon-pose-problems-for-kentucky-air-travelers/6895810;  Jack  Suntrup,  Missouri  Lawmakers  Being  to 
Tackle  Real  ID  Problem,  ST.  LOUIS  POST-DISPATCH,  Jan.  13,  2016, 

http://www.stltoday.com/news/local/govt-and-politics/missouri-lawmakers-begin-to-tackle-real-id- 
problem/article_83326247-9410-56c2-adf8-cf2f7821e03e.html;  Denied:  Oklahoma's  request  for  Real  ID 
Act  Extension  Denied,  K.FOR.  Oct.  1 1,  2016,  http://kfor.eom/2016/10/l  1/denied-oklahomas-request-for- 
real-id-act-extension-denied/. 

56  REAL  ID  Enforcement  in  Brief  DEPARTMENT  OF  HOMELAND  SECURITY, 
https://www.dhs.gov/real-id-enforcement-brief. 

57  REAL  ID  Frequently  Asked  Questions  for  the  Public,  DEPARTMENT  OF  HOMELAND  SECURITY, 
https://www.dhs.gOv/real-id-public-faqs#. 
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Montana  has  a  law  that  prevents  them  from  fully  implementing  the  Act.58  Additionally,  states 
like  New  York  and  Oregon  have  been  granted  extensions  and  may  or  may  not  be  fully 
“compliant,”  according  to  the  DHS,  by  2018  which  potentially  puts  them  at  risk  as  well  of 
having  to  go  through  information  collection  practices  when  they  go  to  the  airport.59 

The  proposed  system  creates  a  large  problem  for  states  that  the  DHS  deems  “non- 
compliant.”  The  TSA  seeks  to  implement  information  collection  practices  that  will  burden 
millions  of  traveling  individuals  who  hail  from  states  that  do  not  adhere  to  REAL  ID 
requirements.  Many  of  these  individuals  will  likely  be  entirely  unware  that  their  identification  is 
not  satisfactory  and  that  they  will  be  subject  to  TSA  information  collection  until  they  arrive  at 
the  airport.  These  individuals  will  be  burdened  not  because  they  do  not  have  identification,  but 
because  they  have  identification  that  the  TSA  refuses  to  accept.  Furthermore,  the  proposed 
information  collection  system  penalizes  these  people  for  the  choices  of  their  state  legislators  and 
other  state  officials  who  have  expressed  several  valid  concerns  surrounding  REAL  ID. 
Individuals  should  not  be  punished  when  their  state  representatives  have  strong  concerns  about 
how  REAL  ID  will  impact  their  citizens  to  whom  they  are  all  accountable. 

Given  the  stresses  that  a  number  of  people  face  when  traveling  it  is  entirely  misguided  to 
have  travelers  who  do  have  driver’s  licenses  or  identification  cards  which,  for  years,  have  been 
acceptable  documents  to  show  to  be  able  to  board  a  plane.  This  is  not  an  instance  where 
individuals  arrive  at  the  airport  with  no  proof  of  who  they  are,  it  is  an  instance  of  the  DHS, 


5X  Feds  Deny  Montana  Request  to  Delay  Driver's  License  Law,  BILLINGS  GAZETTE,  Nov.  22,  2016, 
http://billingsgazette.com/news/state-and-regional/montana/feds-deny-montana-request-to-deIay-driver-s- 
license-law/article_bd75d4O-8084-5 1  fb-ab38-98eef440ba97.html. 

59  Katherine  Lam,  New  Yorkers  Have  Until  2018  to  Fly  Domestically  with  their  NY  State  Driver's  License, 
PIX1 1,  Jan.9,  2016,  http://pixl  1. com/201 6/0 l/09/new-yorkers-have-until-2018-to-fly-domestically-with- 
their-ny-state-drivers-license/;  Rachel  La  Corte,  Update:  What  REAL  ID  Means  for  Washington  State, 

THE  SEATTLE  TIMES,  Apr.  10,  2016,  http://www.seattletimes.com/life/travel/what-real-id-means-for- 
washington-state/. 
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through  TSA,  attempting  to  force  states  to  comply  with  their  wishes  and  has  nothing  to  do  with 
airport  security. 

IV.  Conclusion 

The  REAL  ID  Act  still  poses  several  concerns  and  challenges  for  states.  It  remains  an 
unfunded  federal  mandate  that  exposes  millions  of  individuals  to  threats  of  identity  theft  as  well 
as  having  their  information  compromised  and  potentially  exposed.  Several  states  have  chosen  not 
to  comply  with  the  Act  for  reasons  spanning  from  lack  of  federal  funding,  to  opposition  to  a 
national  identification  system,  and  privacy  concerns.  The  proposed  information  gathering  of 
individual  at  airports  essentially  punishes  citizens  for  actions  that  their  state  governments  have 
taken  to  protect  their  privacy. 

EPIC  urges  the  TSA  to  abandon  the  proposed  information  collection  for  individuals  who 
do  not  possess  a  state  driver’s  license  that  fails  to  comply  with  the  DHS’s  view  of  “compliance”: 
the  United  State  has  long  opposed  national  identification  system,  the  privacy  risks  of  REAL  ID 
are  substantial,  and  the  States  were  correct  to  opposed  a  federal  identity  system  not  in  the  best 
interests  of  their  citizens. 


Respectfully  Submitted, 

A/ Marc  'Rotenberg 

Marc  Rotenberg 

EPIC  President  and  Executive  Director 

A/  Jeramie  D.  Scott 

Jeramie  D.  Scott 

EPIC  National  Security  Counsel 

/s/  Xim  MiCCer 
Kim  Miller 
EPIC  Policy  Fellow 
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I.  Introduction 

By  notice  published  on  March  9,  2007.  the  Department  of  Homeland  Security 
(“DHS”)  announced  it  seeks  to  establish  “minimum  standards  for  State-issued  driver’s 
licenses  and  identification  cards  that  Federal  agencies  would  accept  for  official  purposes 
after  May  1 1,  2008,  in  accordance  with  the  REAL  ID  Act  of  2005.”'  Pursuant  to  this 
notice,  the  aforementioned  group  ("Coalition”)  submits  these  comments  to  request  the 
Department  of  Homeland  Security  recommend  to  Congress  that  REAL  ID  is  unworkable 
and  must  be  repealed.  The  REAL  ID  Act  creates  an  illegal  de facto  national  identification 
system  filled  with  threats  to  privacy,  security  and  civil  liberties  that  cannot  be  solved,  no 
matter  what  the  implementation  plan  set  out  by  the  regulations.2  And  if  REAL  ID 
implementation  does  go  forward,  the  protections  of  the  Privacy  Act  of  1974  must  be  fully 
enforced  for  all  uses  of  the  data  current  and  feature.  Agencies  should  not  be  permitted  to 
assert  any  exemptions  and  individuals  must  granted  all  rights,  including  the  judicially 
enforceable  right  to  access  and  correct  their  records  and  to  ensure  compliance  with  all  of 
the  requirements  of  the  Privacy  Act. 

The  problematic  adoption  of  the  law  now  under  consideration  is  now  well  known. 
The  REAL  ID  Act  was  appended  to  a  bill  providing  tsunami  relief  and  military 
appropriations,  and  passed  with  little  debate  and  no  hearings.  It  was  passed  in  this  manner 


1  Dep't  of  Homeland  Sec.,  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for  Driver's  Licenses  and 
Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes,  72  Fed.  Reg.  10,819  (Mar.  9, 
2007)  ["REAL  ID  Draft  Regulations"],  available  at 

http://a257.g.akamaitech.net/7/257/2422/01jan20071800/edocket.access.gpo.gov/2007/07-  1009.htm;  see 
generally,  EPIC,  National  ID  Cards  and  the  REAL  ID  Act  Page,  http://www.epic.org/privacy/id_cards/; 
EPIC.  Spotlight  on  Surveillance.  Federal  REAL  ID  Proposal  Threatens  Privacy  and  Security  (Mar.  2007), 
http://www.epic.org/privacy/surveillance/spotlight/0307;  Anita  Ramasastry,  Why  the  New  Department  of 
Homeland  Security  REAL  ID  Act  Regulations  are  Unrealistic:  Risks  of  Privacy  and  Security’  Violations  and 
Identity  Theft  Remain,  and  Burdens  on  the  States  Are  Too  Severe,  Findlaw,  Apr.  6.  2007,  available  at 
http://writ.news.fmdlaw.com/ramasastry/20070406.html. 

2  Pub.  L.  No.  109-13,  1 19  Stat.  231  (2005). 
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even  though  Republican  and  Democratic  lawmakers  in  the  Senate  urged  Senate  Majority 
Leader  Bill  Frist  to  allow  hearings  on  the  bill  and  to  permit  a  separate  vote  on  the 
measure.’  The  senators  said  they  believe  REAL  ID  “places  an  unrealistic  and  unfunded 
burden  on  state  governments  and  erodes  Americans’  civil  liberties  and  privacy  rights.”4 
The  people  could  not  speak  during  this  rushed  process.  They  are  speaking  now. 

II.  REAL  ID  Creates  a  National  ID  System 

Throughout  the  history  of  the  United  States,  its  people  have  rejected  the  idea  of  a 
national  identification  system  as  abhorrent  to  freedom  and  democracy.  The  REAL  ID  Act 
and  the  draft  regulations  to  implement  it  create  a  de  facto  national  identification  system, 
and  the  Act  must  be  repealed. 

A.  Americans  Have  Consistently  Rejected  a  National  ID  System 
When  the  Social  Security  Number  (SSN)  was  created  in  1936,  it  was  meant  to  be 
used  only  as  an  account  number  associated  with  the  administration  of  the  Social  Security 
system.5  Though  use  of  the  SSN  has  expanded  considerably,  it  is  not  a  universal  identifier 
and  efforts  to  make  it  one  have  been  consistently  rejected/'  In  1973,  the  Health. 

Education  and  Welfare  Secretary’s  Advisory  Committee  on  Automated  Personal  Data 
Systems  rejected  the  creation  of  a  national  identifier  and  advocated  the  establishment  of 
significant  safeguards  to  protect  personal  information.  The  committee  said: 


1  Press  Release,  S.  Comm,  on  Homeland  Sec.  &  Govemmenlal  Affairs.  Twelve  Senators  Urge  Frist  To 
Keep  Real  ID  Act  Off  Supplemental  Appropriations  Bill  Sweeping  Proposal  Needs  Deliberate 
Consideration  (Apr.  12,  2005),  available  at 

http://www.senate.gov/%7Egov_affairs/index.cfm'?FuseAction=PressReleases.Detail&Affiliation=R&Press 

Release_id=953&Month=4&Year=2005. 

4  Id. 

5  EPIC  &  Privacy  Int’l,  Privacy  and  Human  Rights:  An  International  Survey  of  Privacy  Laws 
and  Practice  47  (EPIC  2004). 

6  See  Marc  Rotenberg,  Exec.  Dir.,  EPIC,  Testimony  and  Statement  for  the  Record  at  a  Hearing  on  Social 
Securin’  Number  High  Risk  Issues  Before  the  Subcomm.  on  Social  Sec.,  H.  Comm  on  Ways  &  Means,  109th 
Cong.  (Mar.  16,  2006),  available  at  http://www.epic.org/privacy/ssn/mar_16test.pdf;  EPIC  page  on  Social 
Security  Numbers,  http://www.epic.org/privacy/ssn/. 
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We  recommend  against  the  adoption  of  any  nationwide,  standard,  personal 
identification  format,  with  or  without  the  SSN.  that  would  enhance  the 
likelihood  of  arbitrary  or  uncontrolled  linkage  of  records  about  people, 
particularly  between  government  or  government-supported  automated 
personal  data  systems.  What  is  needed  is  a  halt  to  the  drift  toward  fa 
standard  universal  identifier]  and  prompt  action  to  establish  safeguards 
providing  legal  sanctions  against  abuses  of  automated  personal  data 
systems.7 

In  1977,  the  Carter  Administration  reiterated  that  the  SSN  was  not  to  become  an 
identifier.  In  Congressional  testimony  in  1981,  Attorney  General  William  French  Smith 
stated  that  the  Reagan  Administration  was  “explicitly  opposed  to  the  creation  of  a 
national  identity  card.”*  When  it  created  the  Department  of  Homeland  Security,  Congress 
made  clear  in  the  enabling  legislation  that  the  agency  could  not  create  a  national  ID 
system.''  In  September  2004,  then-Department  of  Homeland  Security  Secretary  Tom 
Ridge  reiterated,  “ft]he  legislation  that  created  the  Department  of  Homeland  Security  was 
very  specific  on  the  question  of  a  national  ID  card.  They  said  there  will  be  no  national  ID 
card.”10  The  citizens  of  the  United  States  have  consistently  rejected  the  idea  of  a  national 
identification  system. 

B.  REAL  ID  Is  Not  Voluntary 

Supporters  of  REAL  ID  point  to  the  legislation,  which  says  that  State 
implementation  is  “voluntary."  However,  States  are  under  considerable  pressure  to 
implement  REAL  ID  and  citizens  who  fail  to  carry  the  new  identity  document  will  find  it 
impossible  to  pursue  many  routine  activities.  The  administration  has  also  pursued  a 


7  Dep’t  of  Health.  Educ.  &  Welfare,  Sec'y’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  (July  1973),  available  at 
http://www.epic.org/privacy/hewl973report/. 

8  Robert  B.  Cullen,  Administration  Announcing  Plan,  Associated  Press,  July  30,  1981. 

9  Pub.  L.  No.  107-296,  1 16  Stat.  2135  (2002). 

10  Tom  Ridge,  Sec'y,  Dep’t  of  Homeland  Sec.,  Address  at  the  Center  for  Transatlantic  Relations  at  Johns 
Hopkins  University:  “Transatlantic  Homeland  Securin’  Conference"  (Sept.  13,  2004),  available  at 
http://www.dhs.gov/xnews/speeches/speech_0206.shtm. 
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heavy-handed  assault  on  those  who  have  raised  legitimate  questions  about  the  efficacy, 
cost,  and  impact  of  the  $23B  program.  Critics  of  REAL  ID  have  been  labeled  anti¬ 
security.  In  Congressional  testimony,  a  high-ranking  DHS  official  said,  “Any  State  or 
territory  that  does  not  comply  increases  the  risk  for  the  rest  of  the  Nation.”"  It  is  not  anti¬ 
security  to  reject  a  national  identification  system  that  does  not  add  to  our  security 
protections,  but  in  fact  makes  us  weaker  as  a  nation.  This  system  is  also  an  unfunded 
mandate  that  imposes  an  enormous  burden  upon  the  states  and  the  citizenry.  The  federal 
government  has  estimated  that  REAL  ID  will  cost  $23.1  billion,  but  it  has  allocated  only 
$40  million  for  implementation  and  has  told  the  states  that  they  may  divert  homeland 
security  grant  funding  already  allocated  to  other  security  programs  for  REAL  ID. 12 

Design  standardization  means  that  anyone  with  a  different  license  or  ID  card 
would  be  instantly  recognized,  and  immediately  suspected.  The  Department  of  Homeland 
Security  already  contemplates  expanding  the  REAL  ID  card  into  “everyday 
transactions.”"  It  will  be  easy  for  insurance  firms,  credit  card  companies,  even  video 
stores,  to  demand  a  REAL  ID  driver’s  license  or  ID  card  in  order  to  receive  services. 
Significant  delay,  complication  and  possibly  harassment  or  discrimination  would  fall 
upon  those  without  a  REAL  ID  card.  In  actuality,  the  “voluntary"  card  is  the  centerpiece 
of  a  mandatory'  national  identification  system  that  the  federal  government  seeks  to 
impose  on  the  states  and  the  citizens  of  the  United  States. 


1 1  Richard  C.  Barth.  Ass't  Sec'y  for  Policy  Development.  Dep't  of  Homeland  Sec.,  Testimony  at  a  Hearing 
on  Understanding  the  Realities  of  REAL  ID:  A  Review  of  Efforts  to  Secure  Drivers'  Licenses  and 
Identification  Cards  Before  the  Subcomm.  on  Oversight  of  Gov't  Management,  the  Federal  Workforce  & 
the  District  of  Columbia,  S.  Comm,  on  Homeland  Sec.  &  Governmental  Affairs ,  1 1 0th  Cong.  (Mar.  26, 
2007)  ["DHS  Testimony  at  REAL  ID  Hearing"),  available  at 
http://hsgac.senate.gov/_files/Testimonybarth.pdf. 

12  REAL  ID  Draft  Regulations  at  10.845,  supra  note  1. 

13  See  Data  Collection  Expansion  discussion,  infra  Section  IX  (DHS  plans  to  expand  uses  of  REAL  ID). 
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C.  Regulations  Create  a  De  Facto  National  ID  System 


The  Department  of  Homeland  Security  draft  regulations  would  (1)  impose  more 
difficult  standards  for  acceptable  identification  documents  that  could  limit  the  ability  of 
individuals  to  get  a  state  drivers  license;  (2)  compel  data  verification  procedures  that  the 
Federal  government  itself  is  not  capable  of  following;  (3)  mandate  minimum  data 
elements  required  on  the  face  of  and  in  the  machine  readable  zone  of  the  card;  (4)  require 
changes  to  the  design  of  licenses  and  identification  cards  (5)  expand  schedules  and 
procedures  for  retention  and  distribution  of  identification  documents  and  other  personal 
data;  and  (6)  dictate  security  standards  for  the  card,  state  motor  vehicle  facilities,  and  the 
personal  data  and  documents  collected  in  state  motor  vehicle  databases.  These  regulations 
create  a  de  facto  national  identification  system. 

State  licenses  and  identification  cards  must  meet  standards  set  out  in  the 
regulations  to  be  accepted  for  Federal  use.  REAL  ID  cards  will  be  necessary  for: 
“accessing  Federal  facilities,  boarding  commercial  aircraft,  and  entering  nuclear  power 
plants.”14  The  Supreme  Court  has  long  recognized  that  citizens  enjoy  a  constitutional 
right  to  travel.  In  Saenz  v.  Roe,  the  Court  noted  that  the  ‘“constitutional  right  to  travel 
from  one  State  to  another'  is  firmly  embedded  in  our  jurisprudence.”15  For  that  reason, 
any  government  initiative  that  conditions  the  ability  to  travel  upon  the  surrender  of 
privacy  rights  requires  particular  scrutiny.  This  is  particularly  relevant  under  the  REAL 
ID  regulations,  as  they  affect  245  million  license  and  cardholders  nationwide.  REAL  ID 
could  preclude  citizens  from  entering  Federal  courthouses  to  exercise  their  right  to  due 


14  REAL  ID  Draft  Regulations  at  10,823,  supra  note  1. 

15  526  U.S.  489  (1999),  quoting  United  Stales  v.  Guest,  383  U.S.  745  (1966). 
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process,  or  from  entering  Federal  agency  buildings  in  order  to  receive  their  Social 
Security  or  veterans’  benefits. 

DHS  may  compel  card  design  standardization,  “whether  a  uniform  design/color 
should  be  implemented  nationwide  for  non-REAL  ID  driver’s  licenses  and  identification 
cards,"  so  that  non-REAL  ID  cards  will  be  easy  to  spot.16  This  universal  card  design  will 
lead  to  a  national  identification  system,  combined  with  the  mandate  under  the  proposed 
regulations  imposing  new  requirements  on  state  motor  vehicle  agencies  so  that  the 
Federal  government  can  link  together  their  databases  to  distribute  license  and 
cardholders’  personal  data,  create  a  national  identification  system.1  DHS  also  has 
considered  expanding  the  official  uses  for  the  REAL  ID  system,  going  so  far  as  to 
estimate  that  one  of  the  ancillary  benefits  of  REAL  ID  implementation  would  be  to 
reduce  identity  theft  -  a  reduction  DHS  bases  on  "the  extent  that  the  rulemaking  leads  to 
incidental  and  required  use  of  REAL  ID  documents  in  everyday  transactions.”18  There  are 
other  ways  in  which  DHS  has  contemplated  expanding  the  uses  of  the  REAL  ID  system 
so  that  the  card  becomes  a  national  identifier  -  one  card  for  each  person  throughout  the 
country.19 

III.  DHS  Has  the  Obligation  to  Protect  Privacy  of  Citizens 

The  Department  of  Homeland  Security  states  that  it  is  constrained  in  its  power  to 
protect  the  privacy  of  individuals  and  their  data  under  the  REAL  ID  Act.  The  agency 
claims  in  the  notice  of  proposed  regulations  that  "The  Act  does  not  include  statutory 

16  REAL  ID  Draft  Regulations  at  10.841,  supra  note  1. 

17  Id.  at  10,825. 

18  Dep't  of  Homeland  Sec..  Regulatory  Evaluation;  Notice  of  Proposed  Rulemaking;  REAL  ID;  6  CFR  Part 
37;  RIN;  I06I-AA37;  Docket  No.  DHS-2006-0030.  at  130  (Feb.  28.  2007)  ["‘Regulatory  Evaluation"], 
available  or  http://www.epic.org/privacy/id_cards/reg_eval_draftregs.pdf. 

19  See  Data  Collection  Expansion  discussion,  infra  Section  IX  (DHS  plans  to  expand  uses  of  REAL  ID). 
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language  authorizing  DHS  to  prescribe  privacy  requirements  for  the  state-controlled 

databases  or  data  exchange  necessary  to  implement  the  Act.’'2"  We  agree  with  Sen. 

Joseph  Lieberman,  who  stated,  "The  concept  that  federal  agencies  need  explicit 

Congressional  authorization  to  protect  Americans’  privacy  is  just  plain  wrong.  In  fact, 

our  government  is  obligated  to  ensure  that  programs  and  regulations  do  not  unduly 

jeopardize  an  individual's  right  to  privacy.”21 

The  draft  regulations  include  little  in  terms  of  privacy  safeguards: 

In  summary,  DHS  has  proposed  the  following  privacy  protections  in  its 
implementing  regulations  for  the  REAL  ID  Act:  (1)  The  State-to-State  data 
exchanges  and  the  State  data  query  of  Federal  reference  databases  will  be  State 
operated  and  governed;  (2)  as  part  of  the  State  certification  process,  States  will  be 
required  to  submit  a  comprehensive  security  plan,  including  information  as  to 
how  the  State  implements  fair  information  principles;  and  (3)  while 
acknowledging  the  benefits  of  employing  encryption  of  the  personal  information 
stored  on  the  identification  cards,  we  invite  comment  on  its  feasibility  and  costs 
and  benefits  to  ensure  that  its  costs  do  not  outweigh  the  benefits  to  privacy.22 

DHS’s  statement  that  it  is  constrained  in  its  ability  to  set  privacy  protections  for  the 

REAL  ID  system  is  a  product  of  the  agency's  mistaken  belief  that  security  and  privacy 

are  separate.  Security  and  privacy  are  intertwined;  one  cannot  have  a  secure  system  if 

privacy  safeguards  are  not  created,  as  well.  DHS  stated  that  it  “believes  that  this  language 

[in  the  REAL  ID  Act]  provides  authority  for  it  to  define  basic  security  program 

requirements  to  ensure  the  integrity  of  the  licenses  and  identification  cards.”2*  Because 

DHS  has  the  authority  to  define  basic  security  requirements,  it  also  has  the  authority  to 

set  basic  privacy  safeguards  for  the  REAL  ID  system. 


20  REAL  ID  Draft  Regulations  at  10,825,  supra  note  1. 

21  Joseph  Lieberman,  U.S.  Senator,  Statement  at  a  Hearing  on  Understanding  the  Realities  of  REAL  ID:  A 
Review  of  Efforts  to  Secure  Drivers'  Licenses  and  Identification  Cards  Before  the  Subcomm.  on  Oversight 
of  Gov't  Management,  the  Federal  Workforce  <5  the  District  of  Columbia,  S.  Comm,  on  Homeland  Sec.  & 
Governmental  Affairs,  1 10th  Cong.  (Mar.  26.  2007). 

22  REAL  ID  Draft  Regulations  at  10,826,  supra  note  1. 

23  Id. 
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The  draft  regulations  create  a  national  identification  system  that  affects  245 
million  license  and  cardholders  nationwide,  yet  DHS  is  hesitant  to  ensure  strong  privacy 
safeguards  in  the  system  itself.  DHS  has  the  obligation  to  protect  the  privacy  of  citizens 
affected  by  this  system  and  must  do  more  than  the  feeble  attempts  set  out  in  the  draft 
regulations. 

A.  Privacy  Act  Applies  Under  OMB  Guidelines 
The  Department  of  Homeland  Security  states  that  the  Privacy  Act  of  1974:J 
applies  to  only  one  part  of  the  REAL  ID  system  -  the  Problem  Driver  Pointer  System.25 
However,  the  Privacy  Act  of  1974  applies  to  the  entire  national  identification  system, 
under  guidelines  set  out  by  the  Office  of  Management  and  Budget  (“OMB"’)  and  the 
Department  of  Homeland  Security  itself. 

The  OMB  guidelines  explain  that  the  Privacy  Act  “stipulates  that  systems  of 
records  operated  under  contract  or,  in  some  instances,  State  or  local  governments 
operating  under  Federal  mandate  ‘by  or  on  behalf  of  the  agency  ...  to  accomplish  an 
agency  function'  are  subject  to  . . .  the  Act.”2'1  The  guidelines  also  explain  that  the 
Privacy  Act  “make[s]  it  clear  that  the  systems  ‘maintained'  by  an  agency  are  not  limited 
to  those  operated  by  agency  personnel  on  agency  premises  but  include  certain  systems 
operated  pursuant  to  the  terms  of  a  contract  to  which  the  agency  is  a  party.”2  The  REAL 
ID  system  is  operated  under  a  Federal  mandate  to  accomplish  several  agency  functions, 
including  immigration  control. 


24  5  U.S.C.  §  552a. 

25  REAL  ID  Draft  Regulations  at  10.826.  supra  note  1. 

26  Office  of  Mgmt.  &  Budget,  Privacy  Act  Implementation:  Guidelines  and  Responsibilities,  40  Fed.  Reg. 
28.948,  28,951  (July  9,  1975)  ["OMB  Guidelines"),  available  at 
http://www.whitehouse.20v/omb/inforeg/implementation_suidelines.pdf. 

21  Id. 
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The  REAL  ID  system  is  covered  by  the  Privacy  Act  under  the  Department  of 

Homeland  Security’s  own  policies.  In  a  policy  guidance  memorandum  from  the  agency’s 

Privacy  Office,  defines  "DHS  Information  Systems"  as  “an  Information  System  operated, 

controlled,  or  directed  by  the  U.S.  Department  of  Homeland  Security.  This  definition 

shall  include  information  systems  that  other  entities,  including  private  sector 

organizations,  operate  on  behalf  of  or  for  the  benefit  of  the  Department  of  Homeland 

Security. ”2S  The  national  system  of  interconnected  State  databases  is  “operate[dl  on 

behalf  of  or  for  the  benefit"  of  DHS.  The  Privacy  Office  also  states: 

As  a  matter  of  DHS  policy,  any  personally  identifiable  information  (PII)  that  is 
collected,  used,  maintained,  and/or  disseminated  in  connection  with  a  mixed 
system  by  DHS  shall  be  treated  as  a  System  of  Records  subject  to  the  Privacy  Act 
regardless  of  whether  the  information  pertains  to  a  U.S.  citizen.  Legal  Permanent 
Resident,  visitor,  or  alien. 

It  is  clear  that,  under  both  DHS  and  OMG  guidelines,  the  REAL  ID  national 
identification  system  is  a  system  of  records  subject  to  the  requirements  and  protections  of 
the  Privacy  Act  of  1974. 

B.  Requirements  of  Notice,  Access,  Correction  and  Judicially  Enforceable 
Redress  Must  Be  Mandated 

If  the  Department  of  Homeland  Security  creates  this  system,  the  agency  must 
fully  apply  Privacy  Act  requirements  of  notice,  access,  correction,  and  judicially 
enforceable  redress  to  the  entire  REAL  ID  national  identification  system.  Though  the 
States  are  asked  to  include  provisions  for  notice,  access,  correction  and  redress,  this  is  not 
enough.  The  Privacy  Act  protections  must  be  mandated  in  the  REAL  ID  implementation 
regulations. 


28  Privacy  Office,  Dep’t  of  Homeland  Sec.,  Privacy  Policy  Guidance  Memorandum  2  (Jan.  19,  2007), 
available  at  http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2007-l  .pdf. 

25  Id.  at  I . 
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When  it  enacted  the  Privacy  Act  in  1974,  Congress  sought  to  restrict  the  amount 
of  personal  data  that  Federal  agencies  could  collect  and  required  agencies  to  be 
transparent  in  their  information  practices.'0  In  2004,  the  Supreme  Court  underscored  the 
importance  of  the  Privacy  Act’s  restrictions  upon  agency  use  of  personal  data  to  protect 
privacy  interests,  noting  that: 

“[I]n  order  to  protect  the  privacy  of  individuals  identified  in  information  systems 
maintained  by  Federal  agencies,  it  is  necessary  ...  to  regulate  the  collection, 
maintenance,  use,  and  dissemination  of  information  by  such  agencies.”  Privacy 
Act  of  1974,  §2(a)(5),  88  Stat.  1896.  The  Act  gives  agencies  detailed  instructions 
for  managing  their  records  and  provides  for  various  sorts  of  civil  relief  to 
individuals  aggrieved  by  failures  on  the  Government’s  part  to  comply  with  the 
requirements." 

The  Privacy  Act  is  intended  "“to  promote  accountability,  responsibility,  legislative 
oversight,  and  open  government  with  respect  to  the  use  of  computer  technology  in  the 
personal  information  systems  and  data  banks  of  the  Federal  Government!.]”32  It  is  also 
intended  to  guard  the  privacy  interests  of  citizens  and  lawful  permanent  residents  against 
government  intrusion.  Congress  found  that  "the  privacy  of  an  individual  is  directly 
affected  by  the  collection,  maintenance,  use,  and  dissemination  of  personal  information 
by  Federal  agencies,”  and  recognized  that  "the  right  to  privacy  is  a  personal  and 
fundamental  right  protected  by  the  Constitution  of  the  United  States.”33  It  thus  sought  to 
“provide  certain  protections  for  an  individual  against  an  invasion  of  personal  privacy”  by 
establishing  a  set  of  procedural  and  substantive  rights.34 

We  support  the  Department  of  Homeland  Security’s  requirement  that  the  States 
must  include  in  their  "comprehensive  security  plan"  an  outline  of  "how  the  State  will 


.10 

31 

32 

33 

34 


S.  Rep.  No.  93-1 183  at  1  (1974). 

Doe  v.  Chao,  540  U.S.  6 1 4.  6 1 8  (2004). 
S.  Rep.  No.  93-1 183  at  1. 

Pub.  L.  No.  93-579  (1974). 

Id. 
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protect  the  privacy  of  personal  information  collected,  disseminated  or  stored  in 
connection  with  the  issuance  of  REAL  ID  licenses  from  unauthorized  access,  misuse, 
fraud,  and  identity  theft”  and  that  the  State  has  followed  the  Fair  Information  Practices 
(these  are  practices,  not  principles,  as  listed  in  the  draft  regulations),  which  "call  for 
openness,  individual  participation  (access,  correction,  and  redress),  purpose  specification, 
data  minimization,  use  and  disclosure  limitation,  data  quality  and  integrity,  security 
safeguards,  and  accountability  and  auditing.”3'  However,  this  is  not  enough.  The  agency 
must  mandate  minimum  security  and  privacy  safeguards,  which  the  states  should  build 
upon,  to  protect  individuals  and  their  personal  information.  Also,  there  must  be  standards 
for  the  issue  of  redress.  How  will  redress  be  adjudicated  if  one  State  includes  erroneous 
information  in  an  individual’s  file  and  passes  that  information  on  to  another  State?  Will 
the  individual  have  to  petition  both  States  separately  for  redress?  Will  neither  State 
process  the  redress,  because  each  believes  it  to  be  the  responsibility  of  the  other?  The 
right  of  redress  must  be  judicially  enforceable. 

The  right  of  redress  is  internationally  recognized.  The  Organization  for  Economic 
Co-operation  and  Development  (OECD)  Guidelines  on  the  Protection  of  Privacy  and 
Transborder  Flows  of  Personal  Data  recognize  that  “the  right  of  individuals  to  access  and 
challenge  personal  data  is  generally  regarded  as  perhaps  the  most  important  privacy 
protection  safeguard.”36  The  rights  of  access  and  correction  are  central  to  what  Congress 
sought  to  achieve  through  the  Privacy  Act: 

35  REAL  ID  Draft  Regulations  at  10.826.  supra  note  1. 

36  The  OECD  Privacy  Guidelines  of  1980  apply  to  "personal  data,  whether  in  the  public  or  private  sectors, 
which,  because  of  the  manner  in  which  they  are  processed,  or  because  of  their  nature  or  the  context  in 
which  they  are  used,  pose  a  danger  to  privacy  and  individual  liberties.”  Org.  for  Econ.  Co-operation  & 

Dev.,  Guidelines  Governing  the  Protection  of  Privacy  and  Trans-Border  Flow  of  Personal  Data,  OECD 
Doc.  58  final  at  Art.  3(a)  (Sept.  23,  1980),  reprinted  in  M.  Rotenberg  Ed.,  The  Privacy  Law 
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The  committee  believes  that  this  provision  is  essential  to  achieve  an  important 
objective  of  the  legislation:  Ensuring  that  individuals  know  what  Federal  records 
are  maintained  about  them  and  have  the  opportunity  to  correct  those  records.  The 
provision  should  also  encourage  fulfillment  of  another  important  objective: 
maintaining  government  records  about  individuals  with  such  accuracy,  relevance, 
timeliness,  and  completeness  as  is  reasonably  necessary  to  assure  fairness  to 
individuals  in  making  determinations  about  them.-7 

The  Privacy  Act  requirements  that  an  individual  be  permitted  access  to  personal 

information,  that  an  individual  be  permitted  to  correct  and  amend  personal  information, 

and  that  an  agency  assure  the  reliability  of  personal  information  for  its  intended  use  must 

be  applied  to  the  entire  REAL  ID  national  identification  system.  Full  application  of  the 

Privacy  Act  requirements  to  government  record  systems  is  the  only  way  to  ensure  that 

data  is  accurate  and  complete,  which  is  especially  important  in  this  context,  where 

mistakes  and  misidentifications  are  costly. 

IV.  REAL  ID  Cards  Must  Not  Denote  Citizenship  Status 

DHS  is  considering  using  the  REAL  ID  card  in  the  Western  Hemisphere  Travel 
Initiative  border  security  program.  For  the  REAL  ID  card  to  be  compliant  under  the 
program,  it  would  need  to  include  long-range  RFID  technology,  discussed  below,  and 
“the  State  would  have  to  ensure  that  the  State-issued  REAL  ID  driver’s  license  or 
identification  card  denoted  citizenship. "1K  It  cannot  be  stressed  strongly  enough:  REAL 
ID  cards  must  not  include  citizenship  status.  If  REAL  ID  cards  were  to  signify 
citizenship,  there  would  be  intense  scrutiny  of  and  discrimination  against  individuals  who 
chose  not  to  carry  the  national  identification  card  and  those  who  “look  foreign." 


SOURCEBOOK  2004  395  (EPIC  2005.  The  OECD  Privacy  Guidelines  require,  among  other  things,  that  there 
should  be  limitations  on  the  collection  of  information;  collection  should  be  relevant  to  the  purpose  for 
which  it  is  collected;  there  should  be  a  policy  of  openness  about  the  information’s  existence,  nature, 
collection,  maintenance  and  use;  and  individuals  should  have  rights  to  access,  amend,  complete,  or  erase 
information  as  appropriate.  Id. 

,7H.R.  Rep.  No.  93-1416  at  15(1974). 

18  REAL  ID  Draft  Regulations  at  10.842,  supra  note  I. 
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V.  Standards  for  ID  Documents  Would  Burden  Many  Individuals 

Under  the  REAL  ID  Act,  States  are  required  to  obtain  and  verify  documents  from 
applicants  that  establish  “(1)  The  applicant’s  identity,  through  a  photo  identity  document, 
or  a  non-photo  identity  document  that  includes  full  legal  name  and  date  of  birth  if  a  photo 
identity  document  is  not  available;  (2)  Date  of  birth;  (3)  Proof  of  SSN  or  ineligibility  for 
an  SSN;  (4)  The  applicant's  address  of  principal  residence;  and  (5)  Lawful  status  in  the 
United  States.”39  Under  the  regulations,  the  only  documents  that  could  be  accepted  by  the 
states  to  issue  these  new  identity  cards  would  be:  (1)  valid  unexpired  U.S.  passport  or  the 
proposed  passport  card  under  the  Western  Hemisphere  Travel  Initiative;  (2)  certified 
copy  of  a  birth  certificate;  (3)  consular  report  of  birth  abroad;  unexpired  permanent 
resident  card;  unexpired  employment  authorization  document;  (4)  unexpired  foreign 
passport  with  valid  U.S.  visa  affixed;  (5)  U.S.  certificate  of  citizenship;  U.S.  certificate  of 
naturalization;  or  (6)  REAL  ID  driver’s  license  or  identification  card  (issued  in 
compliance  with  the  final  regulations).40 

The  difficult  standards  for  acceptable  identification  documents  would  limit  the 
ability  of  some  individuals  to  get  a  state  driver’s  license.  There  are  questions  as  to 
whether  some  citizens  could  produce  these  documents,  among  them  Native  Americans, 
victims  of  natural  disasters,  domestic  violence  victims,  the  homeless,  military  personnel, 
or  elderly  individuals.41  We  applaud  the  Department  of  Homeland  Security  for  attempting 
to  resolve  this  problem  by  allowing  the  States  to  voluntarily  create  an  exceptions  process 
for  extraordinary  circumstances.  However,  though  DHS  set  minimum  standards  for  data 

39  Id.  at  10,827. 

40  Id.  at  10,827-28. 

41  See  Domestic  Violence  discussion,  infra  Section  XI  (how  domestic  violence  victims  will  be  harmed  by 
the  standards);  see  Data  Verification  discussion,  infra  Section  VI  (general  problems  with  the  standards). 
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collection,  retention  and  documentation  of  the  transaction,  the  agency  did  not  set 
minimum  standards  for  eligibility,  length  of  process,  or  cost  of  process.4’  DHS  states  that 
persons  born  before  1935  might  not  have  been  issued  birth  certificates,  so  they  might  be 
eligible  for  the  exceptions  process.4'  Otherwise,  there  is  nothing  that  explains  to  either 
States  or  individuals  how  they  could  prove  eligibility,  how  long  the  process  would  take 
(days,  weeks,  months  or  even  years),  or  if  they  could  even  afford  the  cost  of  the 
exceptions  process. 

VI.  Data  Verification  Procedures  Are  Based  on  Faulty  Premises 
The  data  verification  procedures  mandated  by  the  draft  regulations  are  based  on 
faulty  premises:  DHS  relies  on  non-existing,  unavailable  or  incomplete  databases  and  the 
mistaken  belief  that  DMV  workers  can  or  should  be  turned  into  Federal  immigration 
officers.  Each  assumption  creates  more  problems  in  the  Department  of  Homeland 
Security’s  attempt  to  create  a  fundamentally  flawed  national  identification  system. 

A.  DHS  Relies  on  Verification  Databases  That  Are  Not  Available 
Under  REAL  ID,  the  states  must  verify  applicant  documents  and  data  with  the 
issuing  agency.  DHS  states  that,  “[f]or  individual  States  to  verify  information  and 
documentation  provided  by  applicants,  each  State  must  have  electronic  access  to  multiple 
databases  and  systems  ....  Secure  and  timely  access  to  trusted  data  sources  is  a 
prerequisite  for  effective  verification  of  applicant  data."44  Yet,  beyond  the  national 
identification  system  created  by  the  State-to-State  data  exchange,  two  of  four  verification 
systems  required  are  not  available  on  a  nationwide  basis  and  third  does  not  even  exist. 


42  REAL  ID  Draft  Regulations  at  10,834,  supra  note  I. 

43  Id.  at  10,822. 

44  Id.  at  10,833. 
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The  database  systems  the  States  are  required  to  verify  applicant  information 
against  are:  (1)  Electronic  Verification  of  Vital  Events  (“EWE”),  for  birth  certificate 
verification;  (2)  Social  Security  On-Line  Verification  (“SSOLV”),  for  Social  Security 
Number  verification;  (3)  Systematic  Alien  Verification  for  Entitlements  (“SAVE”),  for 
immigrant  status  verification;  and  (4)  a  Department  of  State  system  to  verify  data  from 
“U.S.  Passports,  Consular  Reports  of  Birth,  and  Certifications  of  Report  of  Birth.”45 

The  only  system  that  is  available  for  nationwide  deployment  is  SSOLV,  and  a 
survey  of  States  by  the  National  Governors  Association  found  that  even  this  database 
would  need  substantial  improvements  to  be  able  to  handle  the  workload  that  would  be 
needed  under  REAL  ID.46  EWE  is  currently  in  pilot  phase  and  only  five  states  are 
participating.4  Yet  DHS  bases  its  requirements  on  the  assumption  that  EWE  will  be 
ready  for  nationwide  expansion  by  the  implementation  deadline  May  2008.41'  The 
executive  director  of  the  organization  overseeing  the  database  has  announced  that  EWE 
will  not  be  ready  by  May  2008  and  the  system  may  not  be  ready  by  the  extended 
implementation  deadline  of  December  2009.49 

DHS  admits  that  only  20  states  are  using  SAVE,  and  that  the  planned  connection 
between  SAVE  and  another  database  for  foreign  student  status  verification  (Student  and 
Exchange  Visitor  Information  System,  “SEVIS”)  may  not  be  completed  by  the 


45  Id.  at  10,830-35;  Electronic  Verification  of  Vital  Events  (“EWE")  is  also  called  Electronic  Verification 
of  Vital  Event  Records  (“EWER")  in  some  federal  documents. 

46  Nat’l  Governors  Ass’n,  et.  al.  The  REAL  ID  Ad:  National  Impad  Analysis  (Sept.  19,  2006)  [“Governors’ 
Analysis”],  available  at  http://www.nga.org/Files/pdf/0609REALID.PDF. 

47  Nat'l  Ass’n  for  Public  Health  Statistics  &  Info.  Systems,  Electronic  Verification  of  Vital  Events  (EWE), 
http://www.naphsis.org/projects/index.asp?bid=403. 

4N  REAL  ID  Draft  Regulations  at  10,831.  supra  note  1. 

49  Eleanor  Stables,  Multi-Billion  Dollar  Real  ID  Program  May  Be  Stymied  Due  to  $3  Million  Shortfall,  CQ, 
Mar.  15,2007. 
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implementation  deadline  of  May  2008.'"  The  State  Department  system  to  verify  passports 
and  some  reports  of  births  has  not  even  been  created,  but  DHS  bases  its  mandates  on  the 
assumption  that  the  system  “is  eventually  developed.'"1 

B.  DMV  Workers  Cannot  and  Should  Not  Become  Immigration  Officials 
Under  the  regulations.  State  DMV  employees  would  need  to  authenticate  license 
and  identification  card  applicants’  source  documents,  which  means  the  employees  would 
be  required  to  physically  inspect  the  documents  and  “verify!]  that  the  source  document 
presented  under  these  regulations  is  genuine  and  has  not  been  altered.”52  These  source 
documents  are:  (1)  valid  unexpired  U.S.  passport  or  the  proposed  passport  card  under  the 
Western  Hemisphere  Travel  Initiative;  (2)  certified  copy  of  a  birth  certificate;  (3) 
consular  report  of  birth  abroad;  unexpired  permanent  resident  card;  unexpired 
employment  authorization  document;  (4)  unexpired  foreign  passport  with  valid  U.S.  visa 
affixed;  (5)  U.S.  certificate  of  citizenship;  U.S.  certificate  of  naturalization;  or  (6)  REAL 
ID  driver’s  license  or  identification  card  (issued  in  compliance  with  the  final 
regulations).55 

State  DMV  employees  would  be  required  to  verify  these  documents,  including 
Federal  immigration  documents,  though  they  have  no  training  to  do  so.  DHS 
contemplates  this  problem  and  seeks  to  solve  it  by  requiring  that  DMV  employees 
handling  source  documents  undergo  12  hours  of  "fraudulent  document  recognition” 
training.54  A  review  of  the  Social  Security  Administration  found  that  staff  had  difficulty 
recognizing  counterfeit  documents,  though  it  is  their  primary  job  to  verify  these 

50  REAL  ID  Draft  Regulations  at  10.833.  supra  note  1. 

51  Id.  at  10,832. 

52  Id.  at  10,850. 

53  Id.  at  10,827-28. 

54  Regulatory  Evaluation  at  1 22,  supra  note  1 8. 
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documents  before  issuing  SSN.  For  example,  the  Government  Accountability  Office 
review  reported  difficulty  with  detection  of  fraudulent  birth  certificates.  In  one  case,  a 
fake  in-state  birth  certificate  was  detected,  but  “SSA  staff  acknowledged  that  if  a 
counterfeit  out-of-state  birth  certificate  had  been  used,  SSA  would  likely  have  issued  the 
SSN  because  of  staff  unfamiliarity  with  the  specific  features  of  numerous  state  birth 
certificates.”55  It  is  questionable  how  well  State  DMV  employees  would  be  able  to  spot 
fraudulent  documents,  especially  documents  as  rarely  seen  as  consular  reports  of  birth 
abroad,  with  merely  12  hours  of  training  when  it  is  difficult  for  counterfeit  documents  to 
be  spotted  by  federal  employees  whose  primary  job  is  verification  of  source  documents. 
Also,  if  a  State  DMV  employee  determines  that  an  applicant’s  source  documents  are 
fraudulent,  where  could  the  applicant  turn?  No  redress  procedure  has  been  created.5'’ 

VII.  Minimum  Data  Elements  on  MRT  Must  Remain  Minimum 

Under  REAL  ID,  the  following  amount  of  information,  at  a  minimum,  must  be  on 
the  REAL  ID  card:  (1)  full  legal  name;  (2)  date  of  birth;  (3)  gender;  (4)  driver’s  license  or 
identification  card  number;  (5)  digital  photograph  of  the  person;  (6)  address  of  principal 
residence;  (7)  signature;  (8)  physical  security  features;  (9)  a  common  machine  readable 
technology,  with  defined  minimum  data  elements;  and,  (10)  card  issue  and  expiration 
date.57  The  REAL  ID  card  will  include  a  2D  barcode  as  its  machine  readable  technology. 
To  protect  privacy  and  improve  security,  this  machine  readable  technology  must  either 
include  encryption,  which  is  recommended  by  the  DHS  Privacy  Office,  or  access  must  be 
limited  in  some  other  form.  Leaving  the  machine  readable  zone  open  would  allow 

55  Gov’t  Accountability  Office,  Social  Security  Administration:  Actions  Taken  to  Strengthen  Procedures  for 
Issuing  Social  Security  Numbers  to  Noncitizens,  but  Some  Weaknesses  Remain,  GAO-04- 12  (Oct.  2003), 
available  at  http://www.gao.gov/cgi-bin/getrpt7GAO-04-12. 

56  See  Privacy  Act  discussion,  supra  Section  III. 

57  REAL  ID  Draft  Regulations  at  10.8435,  supra  note  1. 
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unfettered  third-party  access  to  the  data  and  leave  245  million  license  and  cardholders 
nationwide  at  risk  for  individual  tracking. 

A.  Access  to  Data  Must  Be  Limited 

Under  the  required  changes  to  the  design  of  State  licenses  and  identification 
cards,  DHS  states  the  card  must  include  “[pjhysical  security  features  designed  to  prevent 
tampering,  counterfeiting,  or  duplication  of  the  document  for  fraudulent  purpose"  and 
“common  [machine-readable  technology],  with  defined  minimum  data  elements.”5*  The 
Federal  agency  will  require  the  use  of  a  two-dimensional  bar  code,  but  will  not  require 
the  use  of  encryption.  Though  Homeland  Security  lays  out  the  privacy  and  security 
problems  associated  with  creating  an  unencrypted  machine  readable  zone  on  the  license, 
it  does  not  require  encryption  because  there  are  concerns  about  “operational 
complexity.”59 

The  Department  of  Homeland  Security’s  own  Privacy  Office  has  urged  the  use  of 
encryption  in  REAL  ID  cards.  In  its  Privacy  Impact  Assessment  of  the  draft  regulations, 
the  Privacy  Office  supported  encryption  "because  2D  bar  code  readers  are  extremely 
common,  the  data  could  be  captured  from  the  driver’s  licenses  and  identification  cards 
and  accessed  by  unauthorized  third  parties  by  simply  reading  the  2D  bar  code  on  the 
credential”  if  the  data  is  left  unencrypted.60  DHS  says  that,  “while  cognizant  of  this 
problem,  DHS  believes  that  it  would  be  outside  its  authority  to  address  this  issue  within 


58  Id.  at  10,835. 

59  Id.  at  10,826. 

60  Dep't  of  Homeland  Sec.  Privacy  Office.  Privacy  Impact  Assessment  for  the  REAL  ID  Act  1 6  (Mar.  1 , 
2007)  [“Privacy  Impact  Assessment  of  Draft  Regulations"],  available  at 
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_realid.pdf  and 
http://www.epic.org/privacy/id_cards/pia_030107.pdf. 
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this  rulemaking.”61  As  we  have  previously  stated.  DHS  has  the  obligation  to  protect  the 
privacy  of  individuals  from  whom  they  collect  data,  and  the  agency  should  not  abdicate 
this  responsibility.62  Imposing  a  requirement  for  the  States  to  use  unencrypted  machine 
readable  technology  renders  the  cardholder  unable  to  control  who  receives  her  data. 

If,  however,  the  agency  determines  that  it  will  not  use  encryption  because  of 
concerns  about  the  complexity  of  public  key  regulation,  there  is  another  approach  that 
would  better  protect  the  privacy  of  individuals  than  unfettered  access  to  the  machine 
readable  zone.  We  suggest  that  no  personal  data  be  placed  on  the  machine  readable  zone. 
Instead,  place  a  new  identifier  that  is  unused  elsewhere  (i.e.,  not  the  driver’s  license 
number  or  Social  Security  Number).  This  unique  identifier  will  "point”  to  the  records  in 
the  national  database.  Access  to  the  database  can  be  controlled  by  password  and 
encryption  security,  because  it  is  easier  to  regulate  public  keys  in  this  scenario.  Also,  the 
State  should  ensure  that  a  new  unique  identifier  is  created  each  time  the  machine  readable 
zone  is  renewed  or  reissued,  in  order  to  make  the  identifier  less  useful  as  an  everyday  ID 
number  -  people  would  not  be  forever  linked  to  this  identifier.  This  approach  would 
improve  data  security  and  privacy. 

It  is  possible  to  use  a  “pointer”  system  in  the  machine  readable  zone,  because  the 
REAL  ID  Act  did  not  set  out  what  minimum  document  requirements  on  the  machine 
readable  zone  need  to  be.  The  Act  reads,  “(9)  a  common  machine-readable  technology, 
with  defined  minimum  data  elements.”6'  Also,  in  the  draft  regulations.  DHS  requests 
comments  on  “[w]hether  the  data  elements  currently  proposed  for  inclusion  in  the 

61  REAL  ID  Draft  Regulations  at  10,837,  supra  note  I . 

62  See  Privacy  Act  discussion,  supra  Section  III  (federal  agencies  have  the  obligation  to  protect  the  privacy 
rights  of  individuals  from  whom  they  collect  information). 

63  Pub.  L.  No.  109-13,  1 19  Stat.  231, 312,  §  202(b)(9)  (2005). 
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machine  readable  zone  of  the  driver's  license  or  identification  card  should  be  reduced  or 


expanded.”64  We  recommend  against  putting  any  personal  data  on  the  machine  readable 
zone  and  only  placing  this  unique  identifier.  In  this  way.  access  to  the  data  can  be  more 
tightly  controlled. 

DHS  is  required  to  include  security  protections  on  the  REAL  ID  card.  Under  the 
REAL  ID  Act,  the  card  must  include  '‘(8)  Physical  security  features  designed  to  prevent 
tampering,  counterfeiting,  or  duplication  of  the  document  for  any  fraudulent  purpose.”6* 

If  DHS  does  not  seek  to  limit  access  to  the  data  on  the  REAL  ID  card,  then  it  is  signaling 
that  it  is  acceptable  for  third  parties  to  download,  access  and  store  the  data  for  purposes 
beyond  the  three  official  purposes  set  out  in  the  draft  regulations:  “accessing  Federal 
facilities,  boarding  commercial  aircraft,  and  entering  nuclear  power  plants.”66  Though 
DHS  has  contemplated  expanding  the  uses  for  the  REAL  ID  card,  such  an  expansion 
would  harm  both  individual  privacy  and  security  and  quickly  turn  the  United  States  into  a 
country  where  the  national  identification  card  is  involuntarily  carried  by  everyone. 

B.  Unfettered  Data  Access  Threatens  Individual  Privacy 

If  personal  data  is  placed  on  the  machine  readable  zone  of  the  REAL  ID  card, 
then  access  to  this  data  must  be  limited  or  individual  privacy  will  be  threatened. 

Unlimited  access  to  this  data  will  allow  unauthorized  third  parties  to  download,  access 
and  store  the  personal  data  of  any  REAL  ID  cardholder. 

The  REAL  ID  Act  mandates  that  the  REAL  ID  card  include  “(8)  Physical  security 
features  designed  to  prevent  tampering,  counterfeiting,  or  duplication  of  the  document  for 


64  REAL  ID  Draft  Regulations  at  10,842,  supra  note  I . 

65  Pub.  L.  No.  109-13,  1 19  Stat.  231, 312,  §  202(b)(8)  (2005). 

66  REAL  ID  Draft  Regulations  at  10,823,  supra  note  I . 
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any  fraudulent  purpose.”6  Allowing  universal  access  to  personal  data  contained  on  the 
REAL  ID  card  would  facilitate  identity  theft  and  security  breaches.  In  the  privacy  impact 
assessment  of  the  draft  regulations,  the  Department  of  Homeland  Security  Privacy  Office 
urges  encryption  for  the  REAL  ID  machine  readable  zone.  It  explains  that  unsecured 
digital  data  raises  the  risk  of  “skimming,”  where  one  “expos[es]  the  information  stored  on 
the  credential  to  unauthorized  collection. This  risk  is  not  theoretical,  the  Privacy  Office 
says,  because  “[r]eaders  for  the  2D  bar  code  are  readily  available  for  purchase  on  the 
Internet  and  at  a  very  low  cost,  which  permits  unauthorized  third  parties  to  skim  the 
information  for  their  own  business  needs  or  to  sell  to  other  third  parties.”69  Such 
skimming  is  often  done  without  the  individual's  knowledge  or  consent. 

A  recent  case  illustrates  the  security  threat  posed  by  open  access  to  personal  data 
on  a  machine  readable  technology.  Last  month.  New  York  prosecutors  charged  thirteen 
people  in  a  counterfeiting  ring  where  restaurant  servers  on  the  East  Coast  (from 
Connecticut  to  Florida)  skimmed  data  from  customers’  credit  cards.71'  “They  used  small 
hand-held  devices,  about  the  size  of  a  cigarette  package  that  could  be  kept  in  a  pocket,  to 
record  information  encoded  in  the  magnetic  strips  of  credit  cards.”71  For  a  year  and  a  half, 
the  illegally  gathered  data  was  used  to  create  fake  credit  cards  and  buy  merchandise  that 
the  criminals  resold.77  The  financial  data  was  easily  accessed,  downloaded  and  misused 
by  the  criminals  because  anyone  with  a  skimmer  device  was  able  to  read  the  unprotected 
machine  readable  zones. 


67 

68 

69 

70 

71 

72 


Pub.  L.  No.  109-13,  1 19  Stat.  231. 312,  §  202(b)(8)  (2005). 

Privacy  Impact  Assessment  of  Draft  Regulations  at  14. 

Privacy  Impact  Assessment  of  Draft  Regulations  at  14. 

Anemona  Hartocollis,  $3  Million  Lost  to  Fraud  Ring,  Authorities  Say,  N.Y.  Times,  April  21, 2007. 


Id. 

Id. 
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Some  States  are  already  facing  problems  with  unauthorized  parties  accessing 
license  and  ID  card  data.  California,  Nebraska,  New  Hampshire,  and  Texas  have  laws 
restricting  the  skimming  of  such  data.  '  In  November,  the  New  Jersey  Motor  Vehicle 
Commission  sent  letters  to  bar,  restaurant  and  retail  organizations  explaining  that  they 
must  stop  scanning  and  downloading  their  patrons’  license  data.  4  Such  actions  violate  the 
state  Digital  Driver  License  Act,  as  well  as  the  state  and  federal  Drivers  Privacy 
Protection  Acts,  according  to  the  commission.7'  Yet  at  least  one  establishment  expressed 
reluctance  to  stop  downloading  and  storing  their  customers’  personal  data,  even  in  the 
face  of  legal  action  from  the  State.76  Today,  different  States  have  different  ID  cards  with  a 
variety  of  data  and  security  features.  Imagine  what  would  happen  if  245  million  cards 
nationwide  had  personal  data  in  the  exact  same  open  access  format. 

When  a  person  hands  over  her  license  or  ID  card  today,  the  data  is  not  routinely 
downloaded  and  stored.  A  grocery  store  clerk  or  club  bouncer  usually  merely  looks  at  the 
card,  verifies  age  or  address,  and  then  hands  the  card  back  to  the  individual.  No 
transaction  is  recorded.  However,  universal  access  to  the  machine  readable  zone  of  the 
REAL  ID  card  would  allow  the  data  to  be  downloaded,  stored  and  transferred  without  the 
knowledge  or  permission  of  the  individual  cardholder.  A  digital  transaction  would  be 
recorded  and  a  digital  trail  could  be  created. 

For  example,  let’s  follow  Douglas  Osborne  for  one  weekend  in  the  near  future,  if 
the  national  identification  system  is  created  and  the  machine  readable  zone  left  open  for 
universal  access.  On  Friday  night,  Doug  went  to  Eighteenth  Street  Lounge  at  8  p.m.  with 

7!  Privacy  Impact  Assessment  of  Draft  Regulations  at  15. 

74  Ian  T.  Shearn,  License  scanning  is  illegal,  stale  says.  Star- Led cer  (NJ),  Nov.  23,  2006. 

15  Id. 
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four  friends,  where  their  REAL  ID  cards  were  scanned  and  their  personal  data  accessed 
and  stored.  At  9:35  p.m.,  he  went  to  Club  Five  with  the  same  four  friends,  where  their 
REAL  ID  cards  were  scanned  and  their  personal  data  accessed  and  stored.  On  Saturday 
afternoon,  Doug  bought  two  six-packs  of  Harpoon  beer  at  12:27  p.m.  at  a  Safeway  in 
Capitol  Hill,  where  Doug's  REAL  ID  data  was  scanned  and  stored.  On  Saturday  night, 
Doug  and  two  friends  took  the  5: 10  flight  to  Atlantic,  where  their  cards  were  scanned  and 
their  information  stored.7  At  1 1:37  p.m.,  Doug  and  his  two  friends  checked  into  a  hotel, 
where  their  ID  cards  were  scanned  and  their  data  downloaded.  On  Sunday  morning,  one 
of  Doug’s  friends  buys  cigarettes  at  a  casino,  and  his  REAL  ID  is  scanned  and  his  data 
stored  at  1 1 :04  a.m.  The  digital  trail  could  continue  indefinitely.  Individuals  could  easily 
be  tracked  from  location  to  location  as  they  went  about  their  daily  lives.  Add  to  the 
REAL  ID  trail  the  information  that  could  be  gleaned  from  individuals’  credit  card 
transactions,  and  you  have  complete  consumer  profiles  for  which  many  companies  would 
pay  dearly. 

DHS  must  include  in  restrictions  against  the  addition  of  data  beyond  that  defined 
in  the  REAL  ID  Act.  To  allow  additional  data  on  the  machine  readable  zone  is  to  increase 
the  likelihood  of  the  REAL  ID  card  becoming  the  default  identification  documents  for 
everyday  transactions;  this  would  increase  the  incentive  for  third  parties  to  gather  and 
store  individuals’  data,  and  substantially  increase  the  card's  value  to  marketers  and 
criminals.  Expansion  of  the  data  collected,  uses  allowed,  and  users  authorized  would 
greatly  increase  both  threats  to  the  security  and  privacy  of  personal  data. 


77  “Because  REAL  IDs  use  a  common  MRT,  the  Transportation  Security  Administration  (TSA)  considered 
requiring  the  use  of  machine  readers  on  REAL  IDs  at  airports.  At  this  time  TSA  has  rejected  [the  plan]’’ 
(emphasis  added).  Regulatory  Evaluation  at  58,  supra  note  1 8. 
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C.  Use  of  RFID  Technology  Increases  Vulnerability  of  Data 

DHS  contemplates  using  the  REAL  ID  system  as  part  of  its  Federal  border 
security  program  and  requested  comments  on  how  States  could  incorporate  long-range 
radio  frequency  identification  (“RFID”)  technology  into  the  REAL  ID  card  so  that  it 
could  be  used  as  part  of  the  Western  Hemisphere  Travel  Initiative.  s  Many  groups  have 
urged  against  the  use  of  RFID  technology  in  identification  documents.  There  are 
significant  privacy  and  security  risks  associated  with  the  use  of  RFID-enabled 
identification  cards,  particularly  if  individuals  are  not  able  to  control  the  disclosure  of 
identifying  information.  The  Department  of  State  recognized  these  security  and  privacy 
threats  and  changed  its  E-Passport  proposal  because  of  them;  the  Department  of 
Homeland  Security  ("DHS")  has  just  abandoned  a  plan  to  include  RFID  chips  in  border 
identification  documents  because  the  pilot  test  was  a  failure;  and  both  the  Department  of 
Homeland  Security’s  Data  Privacy  and  Integrity  Advisory  Committee  and  the 
Government  Accountability  Office  recently  cautioned  against  the  use  of  RFID 
technology  in  identification  documents. 

Privacy  and  security  risks  associated  with  RFID-enabled  identification  cards 
include  “skimming”  and  "eavesdropping.”  Skimming  occurs  when  an  individual  with 
unauthorized  RFID  reader  gathers  information  from  an  RFID  chip  without  the 
cardholder’s  knowledge.  Eavesdropping  occurs  when  an  unauthorized  individual 
intercepts  data  as  it  is  read  by  an  authorized  RFID  reader.  In  the  absence  of  effective 
security  techniques,  RFID  tags  are  remotely  and  secretly  readable.  Although  the  creation 

78  REAL  ID  Draft  Regulations  at  10.842.  supra  note  1 ;  see  EPIC.  Spotlight  on  Surveillance.  Homeland 
Security  PASS  Card:  Leave  Home  Without  It  (Aug.  2006), 

http://www.epic.org/privacy/surveillance/spotlight/0806/  (why  the  Western  Hemisphere  Travel  Initiative’s 
proposed  passport  card  creates  security  threats);  EPIC's  Page  on  Radio  Frequency  Identification  (RFID) 
Systems,  http://www.epic.org/privacy/rfid/. 
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of  a  small,  easily  portable  RFID  reader  may  be  complex  and  expensive  now,  it  will  be 
easier  as  time  passes.  For  example,  the  distance  necessary  to  read  RFID  tags  was  initially 
thought  to  be  a  few  inches.  In  the  now-abandoned  pilot  test,  the  Department  of  Homeland 
Security  said,  “reliable  reads  can  be  received  from  a  few  inches  to  as  much  as  30  feet 
away  from  the  reader.  ”7<'  Other  tests  also  have  shown  that  RFID  tags  can  be  read  from  70 
feet  or  more,  posing  a  significant  risk  of  unauthorized  access.80 

Some  attacks  already  have  succeeded  against  so-called  “strengthened” 
identification  documents.  In  one  case,  a  computer  expert  was  able  to  clone  the  United 
Kingdom's  electronic  passport  by  using  a  commercially  available  RFID  reader  (which 
cost  less  than  $350)  and  software  that  took  him  less  than  a  couple  of  days  to  write.81  In 
assessing  the  new  RFID-enabled  U.S.  passports,  one  expert  cloned  the  RFID  tag  and 
another  used  characteristics  of  the  radio  transmissions  to  identify  individual  chips,  and 
those  researchers  spent  only  a  few  weeks  attacking  the  RFID-enabled  passports.82 

Another  security  risk  of  RFID-enabled  identification  cards  is  that  of  clandestine 
tracking.  An  unauthorized  RFID  reader  could  be  constructed  to  mimic  the  authorized 
signal  and  then  be  used  to  secretly  read  the  RFID  tag  embedded  in  the  identification  card. 
The  Government  Accountability  Office  has  highlighted  this  security  problem  unique  to 
wireless  technology: 

The  widespread  adoption  of  the  technology  can  contribute  to  the  increased 
occurrence  of  these  privacy  issues.  As  previously  mentioned,  tags  can  be  read  by 
any  compatible  reader.  If  readers  and  tags  become  ubiquitous,  tagged  items 

79  Dep't  of  Homeland  Sec..  Notice  with  request  for  comments.  70  Fed.  Reg.  44934.  44395  (Aug.  5.  2005), 
available  at  http://frwebgate  1  .access.gpo.gov/cgi- 

bin/waisgate.cgi?WAISdocID=02 1 420363270+2+0 +0&WAISaction=retrieve. 

80 See  Ziv  Kfir  and  Avishai  Wool,  Picking  Virtual  Pockets  using  Relay  Attacks  on  Contactless  Smartcard 
Systems  (Feb.  22,  2005),  available  at  http://eprint.iacr.org/2005/052;  Scott  Bradner,  An  RFID  warning  shot. 
Network  World,  Feb.  7,  2005. 

81  Steve  Boggan,  Special  Report:  Identity  Cards:  Cracked  It!.  Guardian,  Nov.  17.  2006. 

82  Bruce  Schneier.  Opinion.  The  ID  Chip  You  Don't  Want  in  Your  Passport.  Wash.  Post,  Sept.  16,  2006. 
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carried  by  an  individual  can  be  scanned  unbeknownst  to  that  individual.  Further, 
the  increased  presence  of  readers  can  provide  more  opportunities  for  data  to  be 
collected  and  aggregated.*  ' 

So  long  as  the  RFID  tag  or  chip  can  be  read  by  unauthorized  individuals,  the  person 
carrying  that  tag  can  be  distinguished  from  any  other  person  carrying  a  different  tag. 
Individuals,  unlike  commercial  products  with  RFID  tags,  should  have  the  right  to  control 
the  disclosure  of  their  identifying  information. 

The  federal  government  should  be  fully  aware  by  now  of  the  problems  raised  by 
an  insecure  RFID  scheme.  In  April  2005,  EPIC,  the  Electronic  Frontier  Foundation,  and 
other  groups  submitted  comments  urging  the  State  Department  to  abandon  its  E-Passport 
proposal,  because  it  would  have  made  personal  data  contained  in  hi-tech  passports 
vulnerable  to  unauthorized  access.*4  After  the  Department  of  State  received  more  than 
2,400  comments  on  its  notice  for  proposed  rulemaking  on  RFID-enabled  passports,  many 
of  which  criticized  its  serious  disregard  of  security  and  privacy  safeguards,  the  agency 
said  it  would  implement  Basic  Access  Control  in  an  attempt  to  prevent  skimming  and 
eavesdropping.*5  The  use  of  RFID-enabled  identification  documents,  without  including 
Basic  Access  Control  and  other  safeguards,  contravenes  the  Department  of  State’s 
incorporation  of  basic  security  features  into  new  U.S.  passports.*6 

In  2005,  DHS  began  testing  RFID-enabled  1-94  forms  in  its  United  States  Visitor 
and  Immigrant  Status  Indicator  Technology  (“US-VISIT")  program  to  track  the  entry  and 


83  Gov’t  Accountability  Office.  Report  to  Congressional  Requesters:  Information  Security:  Radio 
Frequency  Identification  Technology  in  the  Federal  Government,  GAO-05-55 1  (May  2005),  available  at 
http://www.gao.gov/new.items/d0555 1  .pdf. 

84  EPIC,  EFF.  et.  al.  Comments  on  RIN  1400-AB93:  Electronic  Passport  (Apr.  4.  2005).  available  at 
http://www.epic.org/privacy/rfid/rfid_passports-0405.pdf. 

85  Dep’t  of  State,  Notice  of  Proposed  Rule,  70  Fed.  Reg.  8305  (Feb.  18.  2005),  available  at 
http://a257.g.akamaitech.net/7/257/2422/0ljan2005l800/edocket.access.gpo.gov/2005/05-3080.htm. 

8,1  See  Kim  Zetter,  Feds  Rethinking  RFID  Passport.  Wired.  Apr.  26,  2005:  Eric  Lipton.  Bowing  to  Critics, 
U.S.  to  Alter  Design  of  Electronic  Passports,  N.Y.  Times,  Apr.  27,  2005. 
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exit  of  visitors.8  The  RFID-enabled  forms  stored  a  unique  identification  number,  which 
is  linked  to  data  files  containing  foreign  visitors’  personal  data.8x  EPIC  warned  that  this 
flawed  proposal  would  endanger  personal  privacy  and  security,  citing  the  plan’s  lack  of 
basic  privacy  and  security  safeguards.8'1  The  Department  of  Homeland  Security's 
Inspector  General  echoed  EPIC’s  warnings  in  a  July  2006  report.  The  Inspector  General 
found  “security  vulnerabilities  that  could  be  exploited  to  gain  unauthorized  or  undetected 
access  to  sensitive  data”  associated  with  people  who  carried  the  RFID-enabled  1-94 
forms.90  A  report  released  by  the  Government  Accountability  Office  in  late  January 
identified  numerous  performance  and  reliability  issues  in  the  15-month  test.91  The  many 
problems  with  the  RFID-enabled  identification  system  led  Homeland  Security  Secretary 
Michael  Chertoff  to  admit  in  Congressional  testimony  on  February  9th  that  the  pilot 
program  had  failed,  stating  “yes,  we’re  abandoning  it.  That’s  not  going  to  be  a  solution” 
for  border  security.92 


87  Dep't  of  Homeland  Sec.,  Notice  With  Request  For  Comments:  United  States  Visitor  and  Immigrant 
Status  Indicator  Technology  Notice  on  Automatic  Identification  of  Certain  Nonimmigrants  Exiting  the 
United  States  at  Select  Land  Border  Ports-of- Entry,  70  Fed.  Reg.  44934  (Aug.  5,  2005),  available  at 
http://frwebgate  1  .access.gpo.gov/cgi- 

dbin/waisgate.cgi?W  AlSdocID=02 1 420363270+2+0 +0&WAISaction=retrieve. 

88  The  data  includes  biographic  information,  such  as  name,  date  of  birth,  country  of  citizenship,  passport 
number  and  country  of  issuance,  complete  U.S.  destination  address,  and  digital  Fingerscans.  Dep't  of 
Homeland  Sec.,  Notice  of  Availability  of  Privacy  Impact  Assessment,  70  Fed.  Reg.  39300,  39305  (July  7, 
2005),  available  at 

http://a257.g.akamaitech.  net/7 /257/2422/0 1 jan2005 1 800/edocket.access.gpo.gov/2005/05- 1 337 1  .htm. 

8,1  EPIC,  Comments  on  Docket  No.  DHS-2005-001 1 :  Notice  With  Request  For  Comments:  United  States 
Visitor  and  Immigrant  Status  Indicator  Technology  Notice  on  Automatic  Identification  of  Certain 
Nonimmigrants  Exiting  the  United  States  at  Select  Land  Border  Ports-of-Entry  (Dec.  8,  2005),  available  at 
http://www.epic.org/privacy/us-visit/100305_rfid.pdf. 

l|"  Dep’t  of  Homeland  Sec.  Inspector  Gen..  Additional  Guidance  and  Security'  Controls  Are  Needed  Over 
Systems  Using  RFID  at  DHS  ( Redacted )  7  (July  2006).  available  at 
http://www.dhs.gov/xoig/assets/mgmtrpls/OIGr_06-53_Jul06.pdf. 

91  Richard  M.  Stana,  Dir.,  Homeland  Sec.  &  Justice  Issues,  Gov’t  Accountability  Office,  Testimony  Before 
the  Subcom.  on  Terrorism,  Tech.,  <£  Homeland  Sec.,  S.  Comm,  on  the  Judiciary,  1 10th  Cong.  (Jan.  31, 
2007),  available  at  http://www.gao.gov/new.items/d07378t.pdf. 

92  Michael  Chertoff,  Sec’y,  Dep’t  of  Homeland  Sec.,  Testimony  at  a  Hearing  on  the  Fiscal  Year  2008  Dep  't 
of  Homeland  Sec.  Budget  Before  the  H.  Comm,  on  Homeland  Sec.,  1 10th  Cong.  (Feb.  9,  2007),  available  at 
http://www.epic.org/privacy/us-visit/chertoff_020907.pdf. 
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In  Congressional  testimony  in  March,  a  GAO  official  cautioned  against  the  use  of 
RFID  technology  to  track  individuals.  “Once  a  particular  individual  is  identified  through 
an  RFID  tag,  personally  identifiable  information  can  be  retrieved  from  any  number  of 
sources  and  then  aggregated  to  develop  a  profile  of  the  individual.  Both  tracking  and 
profiling  can  compromise  an  individual’s  privacy,”  the  GAO  said.''5  The  GAO  reiterated 
the  many  problems  with  the  failed  US-VISIT  RFID  project  and  expressed  concern  that, 
despite  this  failure,  DHS  endorsed  the  use  of  RFID  in  the  Western  Hemisphere  Travel 
Initiative  PASS  Card. 

In  December,  the  Department  of  Homeland  Security  Data  Privacy  and  Integrity 
Advisory  Committee  adopted  a  report,  “The  Use  of  RFID  for  Identity  Verification,” 
which  included  recommendations  concerning  the  use  of  RFID  in  identification 
documents.94  The  committee  outlined  security  and  privacy  threats  associated  with  RFID 
similar  to  the  ones  discussed  below,  and  it  urged  against  RFID  use  unless  the  technology 
is  the  “least  intrusive  means  to  achieving  departmental  objectives.”95  It  is  clear  that  the 
RFID  technology  outweigh  its  benefits  and  should  not  be  used  in  identification 
documents. 

VIII.  Uniform  License  Design  Would  Cause  Discrimination  Against 
Non-REAL  ID  Cardholders 


93  Linda  D.  Koontz.  Dir.,  Info.  Mgmt.  Issues,  Gov’t  Accountability  Office,  Testimony 

Before  the  Subcom.  on  Homeland  Sec.,  H.  Conun.  on  Appropriations,  1 10th  Cong.  (Apr.  14,  2007), 
available  at  http://www.gao.gov/new.items/d07630t.pdf. 

94  Dep’t  of  Homeland  Sec..  Data  Privacy  &  Integrity  Advisory  Comm.,  The  Use  of  RFID  for  Human 
Identity  Verification  ( Report  No.  2006-02)  (Dec.  6,  2006),  available  at 
http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_l2-2006_rpt_RFID.pdf. 

95  Id.  at  2. 
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The  Department  of  Homeland  Security  contemplates  a  universal  design  for 
compliant  and  non-compliant  REAL  ID  cards.96  A  universal  design,  especially  for  a  card 
including  citizenship  status,  would  cause  irreparable  harm,  as  it  would  foster  suspicion  of 
those  who  do  not  wish  to  carry  the  REAL  ID  card.  Uniform  design  for  a  national 
identification  card  would  also  create  an  enormous  security  risk. 

A.  Universal  Design  Would  Foster  Suspicion  of  Innocent  Individuals 

The  agency  is  considering  a  uniform  REAL  ID  card  design,  asking  for  comments 
on  “[wjhether  DHS  should  standardize  the  unique  design  or  color  required  for  non-REAL 
ID  under  the  REAL  ID  Act  for  ease  of  nationwide  recognition,  and  whether  DHS  should 
also  implement  a  standardized  design  or  color  for  REAL  ID  licenses.”9'  Mandating 
distinct  designs  or  colors  for  both  REAL  ID  and  regular  licenses  and  identification  cards 
and  requiring  non-REAL  ID  driver’s  licenses  or  ID  cards  to  have  explicit  “invalid  for 
federal  purposes”  designations  turns  this  “voluntary”  card  into  a  mandatory  national  ID 
card.  It  would  divide  the  country  into  two  -  people  with  the  REAL  ID  card  and  those 
without  -  and  anyone  with  a  different  license  or  ID  card  would  be  instantly  suspicious. 
Significant  delay,  complication  and  possibly  harassment  or  discrimination  would  fall 
upon  those  who  choose  not  to  carry  a  REAL  ID  card. 

B.  Official  and  Unofficial  Purposes  of  REAL  ID  Must  Not  Be  Increased 
According  to  DHS,  State  driver’s  licenses  and  identification  cards  must  meet 

standards  set  out  in  the  regulations  to  be  accepted  for  Federal  use  under  REAL  ID.  Such 
Federal  purposes  include  entering  Federal  facilities,  boarding  commercial  aircraft, 
entering  nuclear  power  plants,  and  “any  other  purposes  that  the  Secretary  shall 

96  REAL  ID  Draft  Regulations  at  10,841-42,  supra  note  I. 

97  Id.  at  10,842. 
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determine,”  but  the  limitation  on  use  to  the  three  enumerated  purposes  are  “for  the  time 
being.”98  The  Department  of  Homeland  Security,  via  the  draft  regulations  and  Homeland 
Security  Secretary  Michael  Chertoff,  contemplates  expanding  the  use  of  the  national 
identification  system. 

In  the  draft  regulations,  the  agency  seeks  comments  on  "how  DHS  could  expand 
[the  card’s  official  purposes]  to  other  federal  activities."9''  In  a  February  speech.  Secretary 
Chertoff  said  he  envisioned  the  REAL  ID  licenses  "dofingl  double-duty  or  triple-duty.”10" 
These  national  identification  cards  would  "be  used  for  a  whole  host  of  other  purposes 
where  you  now  have  to  carry  different  identification.”""  The  agency  also  may  use  the 
REAL  ID  card  in  the  Western  Hemisphere  Travel  Initiative  program  -  if  citizenship  is 
denoted  on  the  card  and  long-range  RFID  technology  added.102 

In  the  agency’s  economic  analysis  of  REAL  ID  implementation,  reducing  ID  theft 
is  listed  as  one  of  the  potential  ancillary  benefits  of  the  national  identification  system. 
However,  the  agency  says  that  the  potential  benefit  would  depend  on  a  vast  expansion  of 
REAL  ID  uses  from  the  three  official  purposes  required  in  the  draft  regulations;  DHS 
suggests  what  is  needed  is  “incidental  and  required  use  of  REAL  ID  documents  in 
everyday  transactions.”101  DHS  envisions  that  employers,  social  service  agencies 


Regulatory  Evaluation  at  30,  supra  note  18. 

'w  REAL  ID  Draft  Regulations  at  10.823.  supra  note  1. 

100  Michael  Chertoff.  Sec’y,  Dep't  of  Homeland  Sec..  Remarks  by  Secretary  Michael  Chertoff  at  the 
National  Emergency  Management  Association  Mid-Year  Conference  (Feb.  12,  2007),  available  at 
http://www.dhs.gov/xnews/speeches/sp_l  1713761 13152.shtm. 

1,11  Id. 

in2  See  RFID  Technology  discussion,  supra  Section  VII(c)  (security  and  privacy  risks  inherent  in  RFID 
use),  and  Citizenship  Designation  discussion,  supra  Section  IV  (citizenship  designation  breeds 
discrimination). 

103  Regulatory  Evaluation  at  1 30,  supra  note  1 8;  see  Identity  Theft  discussion,  infra  at  Section  X(c)  (why 
REAL  ID  will  not  reduce  identity  theft). 
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(including  Medicare,  Medicaid  and  student  financial  aid),  firearm  sellers  and  licensors, 
and  election  workers  will  all  use  this  national  identification  system.104 

The  official  and  unofficial  uses  of  REAL  ID  must  not  be  broadened.  Such 
expansion  would  harm  national  security.  As  explained  below,  using  a  single  card  for 
many  identification  purposes  would  be  the  same  as  using  one  key  for  every  lock. 

IX.  Expanded  Data  Collection  and  Retention  Increases  Security 
Risks 

Under  REAL  ID,  the  government  would  have  easy  access  to  an  incredible  amount 
of  personal  data  stored  in  one  national  database  (or,  according  to  the  DHS  description,  56 
State  and  Territory  databases,  each  of  which  can  access  all  of  the  others).1"5  DHS  claims 
that  it  is  not  expanding  data  collection  and  retention,  but  it  is  enlarging  schedules  and 
procedures  for  retention  and  distribution  of  identification  documents  and  other  personal 
data.  This  broad  expansion  of  data  collection  and  retention  in  a  national  database  creates 
significant  threats  to  privacy  and  security. 

The  agency  makes  two  claims  about  the  expanded  data  retention  under  REAL  ID 
that  we  dispute:  (1)  “Most  States  already  include  this  [extensive,  personal]  information  in 
a  machine  readable  technology,”  and  (2)  "neither  the  Real  ID  Act  nor  these  proposed 
regulations  gives  the  Federal  Government  any  greater  access  to  information  than  it  had 
before.”10''  Each  claim  is  false:  DHS  is  mandating  the  increase  of  both  the  type  of 
documents  that  need  to  be  retained  and  the  length  of  data  retention,  and  the  agency  will 
give  both  State  and  Federal  governments  greater  access  to  the  personal  data. 

104  See  National  Committee  for  Voting  Integrity,  http://votingintegrity.org/  and  EPIC,  Spotlight  on 
Surveillance,  With  Some  Electronic  Voting  Systems,  Not  All  Votes  Count  (Sept.  2006), 
http://www.epic.org/privacy/surveillance/spotlight/0307  (why  requiring  any  voter  identification  card  is  a 
poll  tax). 

105  Section  202(d)(12);  (d)(  1 3). 

REAL  ID  Draft  Regulations  at  10.824.  supra  note  1. 
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With  the  REAL  ID  national  identification  system,  DHS  imposes  new 
requirements  on  State  motor  vehicle  agencies.  Each  of  the  56  interconnected  databases 
must  contain  all  data  fields  printed  on  driver’s  licenses  and  ID  cards,  and  driver’s 
histories,  including  motor  vehicle  violations,  suspensions,  and  points  on  licenses.1117  The 
States  are  compelled  to  begin  maintaining  paper  copies  or  digital  images  of  important 
identity  documents,  such  as  birth  certificates  or  naturalized  citizenship  papers,  for  seven 
to  10  years. 108  This  is  a  significant  expansion  of  the  personal  data  previously  reviewed  or 
stored  by  State  motor  vehicle  agencies. 

Currently  these  identification  documents  are  kept  in  a  variety  of  places  -  the 
Social  Security  system,  the  immigration  system,  local  courthouses  -  and  it  takes 
considerable  effort  to  gather  them  all  together.  Under  REAL  ID,  all  of  these  identification 
documents  -  concerning,  among  other  things,  births,  marriages,  deaths,  immigration, 
social  services  -  are  consolidated  into  one  national  database,  accessible  to  at  least  tens  of 
thousands  of  government  employees  nationwide,  which  would  give  the  Federal  and  State 
governments  greater  access  than  before. 

Security  expert  Bruce  Schneier,  EPIC  and  others  have  explained  that  it  decreases 
security  to  have  one  ID  card  for  many  purposes,  as  there  will  be  a  substantial  amount  of 
harm  when  the  card  is  compromised.10''  There  is  also  the  threat  that  REAL  ID  is 
ostensibly  trying  to  protect  against:  forged  identification  cards.  Investing  so  much  trust 
into  one  card  means  that  criminals  will  only  have  to  forge  one  identification  card.  “No 


107  Section  202(d)(12);  (d)(13). 

108  REAL  ID  Draft  Regulations  at  10.855.  supra  note  1. 

109  Melissa  Ngo,  Dir.,  EPIC  Identification  &  Surveillance  Project,  Prepared  Testimony  and  Statement  for 
the  Record  at  a  Hearing  on  "Maryland  Senate  Joint  Resolution  5"  Before  the  Judicial  Proceedings  Comm, 
of  the  Maryland  Senate  (Feb.  15,  2007)  [“EPIC  Testimony  at  Maryland  Senate”],  available  at 
http://www.epic.org/privacy/id_cards/ngo_test_02 1 507.pdf. 
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matter  how  unforgeable  we  make  it,  it  will  be  forged.  We  can  raise  the  price  of  forgery, 
but  we  can’t  make  it  impossible.  Real  IDs  will  be  forged,”  Schneier  said."11  A  national 
database  full  of  identification  documents,  images  and  data  would  entice  many  kinds  of 
criminals,  including  terrorists  who  seek  to  steal  the  identity  of  a  “trusted”  individual. 

A  national  identification  system  would  divide  the  United  States  into  two  groups: 
(1)  “trusted  good  guys”  who  have  the  national  ID  card,  and  (2)  “untrusted  bad  guys”  who 
do  not.  But,  Schneier  has  pointed  out  that  there  is  a  third  category  that  appears  -  bad  guys 
who  fit  the  good  guy  profile.  Upon  the  release  of  the  draft  regulations,  Schneier  said, 
"The  REAL  ID  regulations  do  not  solve  problems  of  the  national  ID  card,  which  will  fail 
when  used  by  someone  intent  on  subverting  that  system.  Evildoers  will  be  able  steal  the 
identity  -  and  profile  -  of  an  honest  person,  doing  an  end-run  around  the  REAL  ID 
system.”"1  This  national  identification  system  inherently  contains  significant  threats  to 
individual  privacy  and  national  security."2 

X.  National  ID  Database  Would  Increase  Security 
Vulnerabilities 

In  the  best-case  scenario,  the  creation  of  the  REAL  ID  national  identification 

system  does  nothing  to  improve  our  security  protections.  In  the  worst-case  scenario,  the 

REAL  ID  system  will  exponentially  increase  threats  to  our  national  security.  DHS's 

cryptic  economic  analysis  is  based  upon  incredible  assumptions  about  possible  future 

terrorist  attacks  that  REAL  ID  would  supposedly  prevent.  The  economic  analysis  also 

ignores  indirect  costs.  The  REAL  ID  system  would  harm  national  security  by  increasing 

1 10  Bruce  Schneier.  Real-ID:  Costs  and  Benefits.  BULLETIN  OF  ATOMIC  SCIENTISTS.  Mar./Apr.  2007 
[“Schneier  Essay”],  available  at  http://www.schneier.com/blog/archives/2007/01/realid_costs_an.html. 

1  1  Press  Release,  EPIC,  After  Long  Delay.  Homeland  Security  Department  Issues  Regulations  For  Flawed 
National  ID  Plan  (Mar.  2,  2007),  available  at  http://www.epic.org/press/030207.html. 

1 12  See  National  Database  discussion,  supra  Section  X  (how  universal  identification  systems  increase 
security  threats). 
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risks  of  identity  theft  and  fraud,  and  by  diverting  funds  away  from  other  security 
programs  that  have  been  proven  effective. 

A.  Regulations  Would  Not  Improve  Our  Security  Protections 

Quantitative  risk  assessments  are  characteristically  limited  by  false  or  unverifiable 

assumptions,  faulty  modeling,  and  above  all  short-sighted  local  optimization  that  tends  to 

ignore  long-term  implications  and  slippery-slope  changes  in  the  validity  of  the 

assumptions."'  The  economic  analysis  in  the  Department  of  Homeland  Security’s 

Regulatory  Evaluation  conducts  such  a  quantitative  risk  assessment,  and  falls  victims  to 

these  faulty  assumptions.  The  Regulatory  Evaluation  states: 

The  primary  benefit  of  REAL  ID  is  to  incrementally  increase  U.S.  national 
security  by  reducing  the  vulnerability  to  criminal  or  terrorist  activity  of  federal 
buildings,  nuclear  facilities,  and  aircraft.  The  chances  of  a  terrorist  attack  on  such 
targets  being  successful  would  generally  increase  if  identity  documents  that  grant 
access  to  them  are  in  the  possession  of  the  attackers.  This  is  demonstrated  by  the 
fact  that  several  of  the  9/1 1  hijackers  had  false  driver’s  licenses  or  fraudulently 
obtained  driver’s  licenses  in  their  possession  at  the  time  of  that  attack."4 

The  analysis  goes  on  to  say,  “REAL  ID  is  highly  unlikely  to  impact  the  consequences  of 

a  successful  attack,  but  it  may  impact,  on  the  margin,  the  chance  of  a  terrorist  attack 

being  attempted  and  succeeding.”"5  So,  DHS  is  attempting  to  determine  the  marginal 

chance  that  REAL  ID  will  lessen  the  chance  of  success  or  discourage  the  attempt  of  a 

terrorist  attack.  Setting  aside  the  assumption  that  a  lack  of  REAL  ID  cards  would  make  it 

more  difficult  to  succeed  in  a  terrorist  attack  upon  the  United  States,  we  turn  to  the 

mathematical  formula  that  DHS  uses  to  calculate  the  REAL  ID  system’s  presumed 

"primary  benefit.” 


113  Peter  G.  Neumann,  Computer-Related  Risks ,  §  7.10,  Risks  in  Risk  Analysis,  pp.  255-257(Addison- 
Wesley  1995). 

114  Regulatory  Evaluation  at  126,  supra  note  18. 

115  Id.  at  127. 
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The  annual  risk  that  the  U.S.  faces  with  regard  to  a  potential  terrorist  attack  can  be 
represented  as  the  chance  that  an  attack  will  successfully  take  place,  multiplied  by 
the  consequences  of  that  attack.  This  can  be  mathematically  represented  as  FI*K, 
where  n  is  the  annual  chance  of  a  successful  attack  and  K  is  the  consequences  of 
an  attack  in  monetary  terms.  Homeland  security  measures  such  as  REAL  ID 
impact  either  the  chance  or  consequences  of  a  successful  attack,  or  both.  REAL 
ID  is  highly  unlikely  to  impact  the  consequences  of  a  successful  attack,  but  it  may 
impact,  on  the  margin,  the  chance  of  a  terrorist  attack  being  attempted  and 
succeeding.  Let  LIB  be  this  chance  prior  to  the  introduction  of  REAL  ID,  and  DA 
be  the  chance  after  REAL  ID  comes  into  effect.  Then  the  security  impact  of 
REAL  ID  in  the  course  of  one  year  can  be  measured  in  dollar  terms  as  (FIB  - 
riA)*K."6 

So,  DHS  takes  the  probability  of  a  successful  terrorist  attack  without  the  REAL  ID 

national  identification  system  in  place  (CUB)  and  subtracts  the  probability  of  a  successful 

attack  with  REAL  ID  (DA);  then  they  take  the  resulting  number  and  multiply  it  by  the 

cost  to  the  United  States  of  a  successful  terrorist  attack.  Understandably,  DHS  goes  onto 

explain  that  such  an  evaluation  is  very  difficult  and  full  of  uncertainty. 

Let  the  cost  of  the  REAL  ID  regulation,  which  has  been  estimated,  be  C.  Then  for 
REAL  ID  to  be  fully  justified  on  national  security  grounds  alone,  it  must  be  the 
case  that  its  benefit  is  at  least  as  great  as  its  costs.  The  annual  risk-reduction  benefit 
of  Real  ID  is  dlB  -  f[A)*K,  and  the  sum  of  this  benefit  over  ten  years  must  equal 
Real  ID’s  cost,  C.  If  we  can  determine  a  dollar  value  for  K,  then  we  can  measure 
the  marginal  impact  that  REAL  ID  must  bring  about  on  the  probability  of  a 
successful  terrorist  attack  on  a  federal  target  for  it  to  be  fully  justified  by  its  security 
benefit."7 

DHS  is  attempting  to  determine  if  (FIB  -  riA)*K,  which  is  the  annual  risk-reduction 
benefit  of  REAL  ID,  over  10  years,  is  at  least  equal  to  C,  which  is  the  cost  of  REAL  ID, 
which  DHS  has  set  at  -  a  discounted  rate  of  -  S17.2B.  DHS  goes  on  to  explain  that  this 
formula  is  based  on  the  assumption  that  another  attack  would  affect  us,  in  economic 
terms,  the  same  as  September  1 1,  2001.  DHS  estimates  another  attack  would  cost  the 
United  States  either  $63.9  billion  (an  estimate  of  the  immediate  impact  incurred)  or 


mId.  at  127. 
117  Id. 
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$374. 7B  (an  estimate  of  the  immediate  and  longer  run  impact)."8  Other  assumptions: 


We  assume  that  terrorist  groups  are  seeking  to  inflict  another  attack  with 
consequences  on  the  order  of  magnitude  of  9/1 1.  We  also  assume  that  they  are 
engaged  in  a  campaign  such  that  in  every  year  during  the  10-year  period  over  which 
the  costs  and  benefits  of  REAL  ID  are  being  evaluated,  there  is  a  positive  and 
identical  probability  of  being  successfully  attacked.  Under  this  assumption,  the 
expected  present  value  of  the  consequences  of  the  terrorist  campaign  against  the 
U.S.  homeland  equals  the  sum  of  the  expected  values  of  consequences  in  each 
particular  year  over  the  10-year  period  2007-16: 

11 2007 *K 2007  +  (l-d)*D2008*K2008  +  (l-d)2*D2009*K2009  +  .... 

+  (l-d)9*n2016*K2016, 

where  □  is  the  discount  rate  and  K  is  the  monetary  value  of  consequences  in  real 
2006  dollars.  Because  we  assume  that  □  and  □  do  not  change  from  year  to  year, 
this  can  be  re-written  as: 

n*K  +  o-d)*  n*K  +  (i-a)2*  n*K  +  ....  +  (i-a)9*  n*K , 

or 

D*n*K,  where  D  equals  { 1  +  (1-0)  +  (1-0)2  +  ....  +  (1-3)9}. 

This  expression  is  the  sum  of  the  expected  discounted  annual  consequences  of  a 
terrorist  campaign  against  the  U.S.  homeland  over  a  ten-year  period.  As  noted 
earlier.  Real  ID  is  anticipated  to  bring  about  a  reduction  in  the  annual  probability  of 
a  successful  attack  from  nB  -  I1A.  and  the  security  benefit  of  Real  ID  over  the  ten- 
year  period  is  therefore  D*(I1B  -  nA)*K."9 

The  variable  D  represents  the  annual  consequences  of  a  terrorist  campaign  against  the 

U.S.  over  a  ten-year  period.  DHS  multiplies  D  by  [( n B  -  flA)  times  K],  which  is  the 

annual  risk-reduction  benefit  of  REAL  ID.  DHS  then  sets  this  equation  equal  to  the 

direct  cost  of  the  REAL  ID  national  ID  system.  By  solving  this  equation,  DHS  hopes  to 

find  the  marginal  impact  on  security  that  the  REAL  ID  system  must  have  in  order  to 

break  even.  For  "Real  ID  to  break  even  with  respect  to  cost  and  expected  security 


118  Id.  at  127. 

1 19  Regulatory  Evaluation  at  1 28-29,  supra  note  1 8. 
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benefits,  it  must  be  the  case  that  D*01B  -  []A)*K  =  C,  or  FIB  -  FIA  =  C/(D*K).”120  So, 
to  break  even,  we  need  [D*(nB  -  nA)*Kl  to  be  equal  to  C,  meaning  that  how  much 
REAL  ID  will  save  us  in  economic  terms  must  be  equal  to  the  cost  of  the  REAL  ID 
system.  Or,  stated  another  way,  it  must  be  that  I~1B  -  FIA,  probability  of  a  successful 
terrorist  attack  without  the  REAL  ID  national  identification  system  in  place  (CUB)  minus 
the  probability  of  a  successful  attack  with  REAL  ID  (11  A),  is  equal  to  C,  cost  of  REAL 
ID  system,  divided  by  |D,  annual  consequences  of  a  terrorist  campaign  against  the  U.S. 
over  a  ten-year  period,  multiplied  by  K.  cost  to  the  United  States  of  a  successful  terrorist 
attack). 

Here  is  where  it  gets  tricky.  Assuming  the  cost  of  REAL  ID  to  be  S17.2B  and  the 
cost  of  a  successful  9/1 1-type  terrorist  attack  to  be  $374.7  billion  long-term,  the  value  of 
C/D*K,  in  2006  dollars,  is  0.61%.  Therefore,  for  "REAL  ID  to  be  fully  justified  by  its 
primary  security  benefit,  it  must  bring  about  a  marginal  reduction  in  the  annual  chance  of 
a  successful  9/1 1-type  attack  of  0.6 1%.”121  If  DHS  only  estimates  the  immediate  impact, 
and  assumes  the  cost  of  REAL  ID  to  be  $17.2  billion  and  the  cost  of  the  attack  to  be 
$63.9  billion,  then  the  value  of  C/(D*K)  is  3.60%.  “For  REAL  ID  to  be  fully  justified  by 
its  primary  security  benefit  in  immediate  impacts  alone,  it  must  bring  about  a  marginal 
reduction  in  the  annual  chance  of  a  successful  9/1 1-type  attack  of  3.60%.”122 

After  all  of  these  head-scratching  mathematical  assumptions,  there  is  no  conclusion, 
because,  as  DHS  explains,  “[wjithout  further  information  on  the  absolute  level  of  DB  [the 
probability  of  a  successful  terrorist  attack  without  the  REAL  ID  national  identification 
system  in  place],  it  is  difficult  to  say  whether  0.61%  or  3.60%  is  a  very  large  reduction  in 

120  Id.  at  129. 

121  u 
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the  chance  of  successful  attack,  or  a  more  moderate  reduction.”125  Therefore,  it  is 


unknown,  even  with  all  of  these  assumptions,  whether  REAL  ID  would  even  marginally 
reduce  the  possibility  of  a  successful  terrorist  attack. 

DHS  acknowledges  that  certain  assumptions  are  used  in  this  analysis,  such  as 
assumptions  for  the  variable  K,  the  impact  or  the  cost  to  the  U.S.  economy  of  a  terrorist 
attack,  which  DHS  assumes  would  be  of  the  same  magnitude  as  September  1 1,  2001. 
However,  there  is  little  discussion  about  the  variable  C,  the  cost  of  the  REAL  ID  system. 
There  are  two  ways  in  which  the  figures  used  by  DHS  are  faulty:  1)  they  underestimate 
the  direct  costs  and  2)  they  ignore  the  indirect  costs.  Such  indirect  costs  include  the 
impact  upon  civil  liberties,  increased  risk  of  identity  theft  and  fraud,  and  the  diversion  of 
funds  from  other,  effective  security  programs.121  Both  faulty  assumptions  make  the 
variable  C  smaller,  while  DHS  has  assumed  a  very  large  number  for  K.  so  the  cost  of  the 
REAL  ID  system  would  seem  dwarfed  in  comparison  to  the  cost  of  another  terrorist 
attack,  making  REAL  ID  seem  cost-effective  even  if  it  only  has  a  marginal  effect  on  the 
probability  of  another  attack  -  an  effect  REAL  ID  would  not  have. 

REAL  ID  does  not  add  to  our  security  protections,  but  in  fact  increases  our  security 
threats  by  diverting  needed  funds  from  other  national  security  projects.  The  estimated 
cost  of  REAL  ID  implementation  has  spiraled.  Before  the  Act’s  passage  in  2005,  the 
Congressional  Budget  Office  estimated  its  cost  to  be  around  $100  million. 12:5  In 
September,  the  National  Conference  of  State  Legislatures  released  a  report  estimating  the 


123  id. 

124  See  Identity  Theft  discussion,  infra  at  Section  X(c)  (REAL  ID  increases  risks  for  identity  theft). 

125  Cong.  Budget  Office,  Cost  Estimate:  H.R.  418:  REAL  ID  Act  of 2005  (Feb.  9.  2005),  available  at 
http://www.cbo.gov/showdoc.cfm?index=6072&sequence=0&from=6. 
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cost  to  be  $1 1  billion  over  the  first  five  years.12'’  Now,  the  Department  of  Homeland 
Security  has  admitted  that  REAL  ID  will  cost  states  and  individuals  from  $17.2  billion  to 
$23. 1  billion  over  ten  years.12  Congress  has  appropriated  only  $40  million  for  REAL  ID 
implementation.  The  Department  of  Homeland  Security  now  says  that  a  state  can  use  up 
to  20  percent  of  its  Homeland  Security  Grant  Program  funding  for  REAL  ID 
implementation,  which  total  about  $100  million  for  2007. 12x  Implementation  costs  for  the 
state  of  California  alone  would  be  about  $500  million.129 

Diverting  Homeland  Security  Grant  Program  money  to  REAL  ID  means  that 
funding  originally  budgeted  by  the  states  for  other  homeland  security  projects,  including 
training  and  equipment  for  rescue  and  first  responder  personnel.  Even  if  the  states 
received  $100  million  per  year  for  10  years,  that  would  still  amount  to  only  $1.04  billion 
in  Federal  funds,  a  fraction  of  the  $17.2  billion  to  $23.1  billion  price  tag.  The  rest  of  the 
cost  would  be  borne  by  states  and  their  residents. 

B.  Regulations  Would  Increase  National  Security  Threats 
In  a  recent  analysis  of  the  REAL  ID  Act,  EPIC  Executive  Director  Marc 
Rotenberg  explained  that  “[s]ystems  of  identification  remain  central  to  many  forms  of 
security.  But  designing  secure  systems  that  do  not  introduce  new  risks  is  proving  more 
difficult  than  many  policymakers  had  imagined.”1'"  The  theory  that  the  REAL  ID  Act 


126  Governors’  Analysis,  supra  note  46. 

127  REAL  ID  Draft  Regulations  at  10.845.  supra  note  1. 

I2S  Press  Release,  Dep’t  of  Homeland  Sec..  DHS  Issues  Proposal  for  States  to  Enhance  Driver’s  Licenses 
(Mar.  1.  2007).  available  at  http://www.dhs.gov/xnews/releases/pr_l  172765989904.shtm. 

129  Cal.  Dep’t  of  Motor  Vehicles.  Report  to  the  Legislature  on  the  Status  of  the  REAL  ID  Act,  at  3  (Dec.  15, 
2006),  available  at  http://www.dmv.ca.gov/about/real_id/real_id.pdf. 

110  Marc  Rotenberg,  Exec.  Dir.,  EPIC,  Real  ID.  Real  Trouble?,  COMMUNICATIONS  OF  THE  ACM,  Mar. 
2006,  available  at  http://www.epic.org/privacy/id_cards/mr_cacm0306.pdf. 
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will  prevent  terrorism  is  predicated  on  the  belief  that  only  “outsiders”  have  an  intent  to 
harm  the  United  States.  This  theory  is  fundamentally  flawed. 

Security  expert  Bruce  Schneier  has  explained  the  theory  of  identification-based 
security.  “In  theory,  if  we  know  who  you  are,  and  if  we  have  enough  information  about 
you,  we  can  somehow  predict  whether  you’re  likely  to  be  an  evildoer,”  Schneier  said. 1,1 
This  is  impossible,  because  you  cannot  predict  intent  based  on  identification,  he  said.112 
There  are  threats  from  both  sides.  Terrorist  acts  have  been  committed  by  U.S.  citizens, 
"insiders.”  Oklahoma  City  bombers  Timothy  McVeigh  and  Terry  Nichols  were  U.S. 
citizens.  As  was  Unabomber  Ted  Kaczynski. 

A  recent  case  illustrates  Schneier’s  point.  According  to  court  documents,  last 
month,  two  men  entered  restricted  areas  at  an  airport  in  Florida,  bypassed  security 
screeners  and  carried  a  duffel  bag  containing  14  guns  and  drugs  onto  a  commercial 
plane.”133  They  avoided  detection,  because  they  are  airline  baggage  handlers  who  used 
their  uniforms  and  legally  issued  identification  cards.1'4  Both  men  had  passed  Federal 
background  checks  before  they  were  hired,  according  to  a  spokesman  for  Comair,  the 
airline  that  employed  the  men.133  This  questions  the  assumption  that  more  and  broader 
background  checks,  such  as  those  suggested  in  the  draft  regulations,  would  prevent 
insider  attacks.  There  are  other  problems  with  the  background  checks,  which  will  be 
discussed  below.136 


151  Schneier  Essay,  supra  note  1 10. 

132  Id. 

133  Jim  Ellis,  Feds:  Bag  Of  Guns  Smuggled  Onto  Plane ,  Associated  Press,  Mar.  9.  2007. 

134  Id. 

135  Id. 

136  See  Domestic  Violence  discussion,  infra  Section  XI. 
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The  baggage  handlers  were  only  investigated  and  caught  after  police  received  an 
anonymous  tip.1 '  If  the  airport  had  identification-neutral  security  systems,  such  as 
requiring  all  fliers  go  through  metal  detectors,  then  the  men  could  not  have  walked  past 
them.  But  the  identification-based  security  system  failed  because  it  allowed  some  fliers  to 
skip  screening  because  they  are  presumed  to  have  no  evil  intent,  and  the  men  transported 
weapons  and  contraband  aboard  a  commercial  flight.  Creating  a  national  identification 
system  would  have  just  as  devastating  consequences,  but  on  a  larger  scale,  because  many 
more  people  would  be  presumed  "trusted”  or  "untrusted"  based  upon  their  decision  to 
carry  or  not  carry  the  REAL  ID  card. 

C.  Even  If  Assumptions  Granted,  REAL  ID  Would  Not  Substantially  Affect 
Identity  Theft  Crimes 

The  draft  regulations  list  reducing  identity  theft  as  one  of  the  benefits  of  the 
REAL  ID  national  identification  system.1'*  However,  the  agency’s  own  economic 
analysis  under  its  Regulatory  Evaluation  shows  that,  even  if  one  grants  DHS  the 
economic  assumptions  it  makes,  overall  identity  theft  crimes  would  only  be  reduced  by 
2.8  percent,  at  best."'* 

First,  it  is  important  to  note  that  the  DHS  Regulatory  Evaluation  does  not  list 
"Reduce  Identity  Theft”  under  any  of  the  three  categories  of  benefits  -  “monetized,” 
"annualized  quantified,  but  unmonetized.”  or  “unquantifiable  benefits"  in  the  accounting 
statement  for  the  draft  regulations.14"  Actually,  the  only  benefit  listed  is  under 
“unquantifiable  benefits,”  and  that  is  the  claim  that  REAL  ID  would  “incremementally 
increase  U.S.  national  security.” 

1,7  Jim  Ellis,  Feds:  Bag  Of  Guns  Smuggled  Onto  Plane. 

138  REAL  ID  Draft  Regulations  at  1 0.837.  10.846.  supra  note  1. 

139  Regulatory  Evaluation  at  5,  supra  note  18. 

140  Id.  at  7. 
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Second,  the  Regulatory  Evaluation  later  lists  “reducing  identity  theft”  as  a 


potential  ancillary  benefit.141  The  economic  analysis  explains  that: 

REAL  ID  will  only  have  the  ability  to  impact  those  types  of  identity  theft  that 
require  a  drivers  license  for  successful  implementation,  and  only  to  the  extent  that 
the  rulemaking  leads  to  incidental  and  required  use  of  REAL  ID  documents  in 
everyday  transactions,  which  is  an  impact  that  also  depends  critically  on  decisions 
made  by  State  and  local  governments  and  the  private  sector.142 

The  potential  ancillary  benefit  depends  on  a  vast  expansion  of  REAL  ID  uses  from  the 

three  official  purposes  required  in  the  draft  regulations.  The  economic  analysis  assumes 

that  REAL  ID  would  be  used  in  “everyday  transactions,”  which  would  have  a  devastating 

affect  on  identity  theft  protections.14'  Setting  aside  that  flawed  assumption  and  focusing 

upon  the  economic  analysis,  there  is  little  benefit  to  be  found.  If  all  of  the  agency’s 

assumptions  are  agreed  to,  including  the  belief  that  REAL  ID  cards  would  be  used  in 

everyday  transactions,  the  Department  of  Homeland  Security  still  finds  that  REAL  ID 

would  reduce  by  10  percent  only  the  28  percent  of  ID  theft  crimes  that  “are  likely  to 

require  the  presentation  of  an  identity  document  like  a  drivers  license.”144  Therefore,  the 

REAL  ID  national  identification  system  will  reduce  only  2.8  percent  of  all  identity  theft 

crimes,  a  savings  of  approximately  $1.6  billion  total  for  the  2007-2016  period.14'  The 

Department  of  Homeland  Security  has  estimated  that  REAL  ID  would  cost  $23.1  billion 

for  that  period.  Basic  economic  analysis  finds  that  one  ought  not  spend  $23.1  billion  to 

create  a  national  identification  system  that  might  reduce  the  cost  of  identity  theft  crimes 

by  $1.6  billion. 


w  Id.  at  126.  129-30. 

142  Id.  at  130. 

143  See  Identity  Theft  discussion,  infra  at  Section  X(c)  (REAL  ID  increases  risks  of  identity  theft). 

144  Regulatory  Evaluation  at  130,  supra  note  18. 

145  Id. 
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D.  Centralized  Identification  System  Increases  Risk  of  Identity  Theft 


The  draft  regulations  create  a  national  identification  system  with  a  national 
database,  and  this  creates  an  enormous  security  risk.  EPIC  and  others  have  explained  that 
it  decreases  security  to  have  a  centralized  system  of  identification,  one  ID  card  for  many 
purposes,  as  there  will  be  a  substantial  amount  of  harm  when  the  card  is  compromised.146 

The  REAL  ID  Act  mandates  that  States  provide  every  other  state  with  electronic 
access  to  information  contained  in  their  motor  vehicle  databases  and  each  State  database 
must  contain  all  data  fields  printed  on  driver’s  licenses  and  ID  cards,  and  driver’s 
histories,  including  motor  vehicle  violations,  suspensions,  and  points  on  licenses.147  Yet, 
DHS  claims  that  a  national  database  will  not  be  created  because  the  regulations  ”leave|] 
the  decision  of  how  to  conduct  the  exchanges  in  the  hands  of  the  States.”14*  This 
mandatory  “State-to-State  data  exchange”  creates  one  huge  national  database  containing 
the  personal  information  of  245  million  license  and  ID  cardholders  -  a  database  that  can 
be  accessed  at  DMVs  across  the  country. 

Using  a  national  ID  card  would  be  as  if  you  used  one  key  to  open  your  house, 
your  car,  your  safe  deposit  box,  your  office,  and  more.14''  “The  problem  is  that  security 
doesn’t  come  through  identification;  security  comes  through  measures  -  airport 
screening,  walls  and  door  locks  -  that  work  without  relying  on  identification";  therefore. 


146  EPIC  Testimony  at  Maryland  Senate,  supra  note  109:  see  EPIC,  Comments  to  the  Federal  Identity  Theft 
Task  Force,  P0654I0  (Jan.  19.  2007),  available  at 

http://www.epic.org/privacy/idtheft/EPIC_FTC_ID_Theft_Comments.pdf:  EPIC  page  on  Identity  Theft:  Its 
Causes  and  Solutions,  available  at  http://www.epic.org/privacy/idtheft/. 

147  Section  202(d)(  1 2);  (d)(13). 

,4'<  REAL  ID  Draft  Regulations  at  10.825.  supra  note  1. 

149  Melissa  Ngo,  Dir.,  Identification  &  Surveillance  Project,  EPIC,  Prepared  Testimony  and  Statement  for 
the  Record  at  a  Meeting  on  "REAL  ID  Rulemaking"  Before  the  Data  Privacy  <£  Integrity  Advisory  Comm., 
Dep't  of  Homeland  Sec.  (Apr.  14.  2007),  available  at 
http://www.epic.org/privacy/id_cards/ngo_test_032107.pdf. 
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a  centralized  system  of  identification  would  not  increase  national  security,  security  expert 
Bruce  Schneier  has  said.10 

A  large  data  breach  affects  the  confidence  and  trust  of  the  public.  People  will 
recoil  from  systems  that  create  privacy  and  security  risks  for  their  personal  data.  We  have 
seen  countless  data  breaches  that  have  left  the  personal  data  of  tens  of  millions  of 
Americans  vulnerable  to  misuse.  Recently,  almost  46  million  credit  and  debit  card 
numbers  were  stolen  by  hackers  who  accessed  the  computer  systems  at  the  TJX 
Companies  over  a  period  of  several  years,  making  it  the  biggest  breach  of  personal  data 
ever  reported. IM  The  computer  system  breaches  began  in  July  2005  but  weren’t 
discovered  until  December  2006  -  the  financial  data  of  millions  were  exposed  for  17 
months.152  Last  May,  an  information  security  breach  by  a  Department  of  Veterans  Affairs 
employee  resulted  in  the  theft  from  his  Maryland  home  of  unencrypted  data  affecting 
26.5  million  veterans,  active-duty  personnel,  and  their  family  members.15'  The  laptop  and 
an  external  hard  drive  contained  unencrypted  information  that  included  millions  of  Social 
Security  numbers,  disability  ratings  and  other  personal  information.154  In  February  2005, 
databroker  Choicepoint  sold  the  records  of  at  least  145.000  Americans  to  a  criminal  ring 
engaged  in  identity  theft.1  5  Also  that  year.  Bank  of  America  misplaced  back-up  tapes 


150  Press  Release,  EPIC,  After  Long  Delay.  Homeland  Security  Department  Issues  Regulations  For  Flawed 
National  ID  Plan  (Mar.  2,  2007).  available  at  http://www.epic.org/press/030207.html. 

151  TJX  Cos.,  Annual  Report  (Form  10-K).  at  8-10  (Mar.  28.  2007).  available  at 
http://ir.l0kwizard.com/downIoad.php?format=PDF&ipage=4772887&source=487. 

152  Id.  at  7. 

151  See  EPIC’s  Page  on  the  Veterans  Affairs  Data  Theft,  http://www.epic.org/privacy/vatheft/. 

154  Statement,  Dep't  of  Veterans  Affairs.  A  Statement  from  the  Department  of  Veterans  Affairs  (May  22, 
2006). 

155  Robert  O'Harrow  Jr.,  ID  Theft  Scant  Hits  D.C.  Area  Residents,  Wash.  Post,  Feb.  21 , 2005,  at  A01 ;  see 
EPIC’s  Page  on  ChoicePoint.  http://www.epic.org/privacy/choicepoint/. 
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containing  detailed  financial  information  on  1.2  million  employees  in  the  Federal 
government,  including  many  members  of  Congress.1'*' 

A  centralized  identification  system  would  be  a  tempting  target  for  identity  thieves. 
If  a  criminal  breaks  the  system’s  security,  then  the  criminal  would  have  access  to  the 
personal  information  of  every  single  person  in  that  database.  If  this  one,  centralized 
system  is  used  across  the  nation,  this  would  put  hundreds  of  millions  of  people  at  risk  for 
identity  theft. 

There  is  another  significant  security  risk,  besides  that  of  attacks  by  unauthorized 
users,  and  that  is  of  authorized  users  abusing  their  power.15  A  2005  scandal  in  Florida 
highlights  risks  associated  with  large  database  systems.  A  woman  wrote  to  a  newspaper 
criticizing  a  Florida  sheriff  as  being  too  fat  for  police  work  and  condemning  his  agency’s 
use  of  stun  guns.158  Orange  County  Sheriff  Kevin  Beary  ordered  staffers  to  use  state 
driver’s  license  records  to  find  the  home  address  of  his  critic.159  The  sheriff  sent  her  a 
letter  at  her  home  address,  and  she  reported  being  surprised  that  he  was  able  to  track  her 
down  so  easily.16"  In  a  case  in  Maryland  just  last  year,  three  people  -  including  a 
Maryland  Motor  Vehicle  Administration  official  -  were  indicted  on  charges  of 
“conspiring  to  sell  unlawfully  produced  MVA-issued  Maryland  identification  cards.’’161 

The  consumer  harm  that  results  from  the  wrongful  disclosure  of  personal 
information  is  very  clear.  For  the  seventh  year  in  a  row,  identity  theft  is  the  No.  1  concern 


l5fi  Robert  Lemos,  Bank  of  America  loses  a  million  customer  records,  CNet  News.com,  Feb.  25,  2005. 

157  See  Domestic  Violence  discussion,  infra  Section  XI  (abusers  use  their  authorized  access  to  stalk 
victims). 

158  Called  fat,  sheriff  tracks  down  reader.  Associated  Press,  Apr.  6,  2005. 

159  Id. 

160  Id. 

161  Fake  ID  Cards,  Wash.  Post,  Mar.  15,  2006.  at  B02. 
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of  U.S.  consumers,  according  to  the  Federal  Trade  Commission’s  annual  report.162  Over 
104  million  data  records  of  U.S.  residents  have  been  exposed  due  to  security  breaches 
since  January  2005,  according  to  a  report  from  the  Privacy  Rights  Clearinghouse.163  A 
centralized  system  of  identification  creates  a  “one-stop  shop”  for  identity  thieves. 
Centralizing  authority  over  personal  identity  into  one  database  and  one  card  increases 
both  the  risk  of  identity  theft  as  well  as  the  scope  of  harm  when  it  occurs.  The  confidence 
and  trust  of  consumers  will  fall  when  such  a  breach  occurs;  people  will  withdraw  because 
of  privacy  and  security  questions. 

XI.  REAL  ID  Harms  Victims  of  Domestic  Violence  and  Sexual 
Assault 

The  REAL  ID  national  identification  system  creates  difficulties  for  many  groups, 
and  it  has  significant  consequences  for  domestic  violence  and  sexual  assault  victims.164 
The  residential  address  requirements  endanger  the  ability  of  victims  of  domestic  violence, 
sexual  assault,  and  other  crimes  to  hide  from  their  abusers.  The  background  check 
provisions  set  out  in  the  draft  regulations  do  not  fully  protect  these  victims  from  their 
abusers.  In  fact,  the  REAL  ID  system  would  help  abusers  find  and  track  their  victims 
across  the  nation. 

A.  REAL  ID  Endangers  Address  Confidentiality 
Currently,  many  States  allow  domestic  violence  victims  and  others  to  protect  the 
confidentiality  of  their  residential  addresses.  States  have  created  formal  Address 
Confidentiality  Programs  and  states  have  also  provided  general  measures  of  residential 


162  Fed.  Trade  Comm'n,  Consumer  Fraud  and  Identity  Theft  Compliant  Data:  January  -  December  2006 
(Feb.  7,  2007),  available  at  http://www.consumer.gov/sentinel/pubs/TopI0Fraud2006.pdf. 

163  Privacy  Rights  Clearinghouse,  Chronology  of  Data  Breaches, 
http://www.privacyrights.org/ar/ChronDataBreaches.htm. 

164  See  EPIC’s  Page  on  REAL  ID  and  Domestic  Violence,  http://www.epic.org/privacy/dv/real_id.html. 
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address  privacy.  The  proposed  regulations  override  these  substantial  protections,  and  the 
overrides  must  be  removed  from  the  final  regulations.  The  government  must  not  make  it 
easier  for  abusers  to  find  their  victims. 

State  Address  Confidentiality  Programs  are  an  important  tool  for  protecting  the 
safety  of  domestic  violence  and  sexual  assault  victims.  Currently  20  states  have  address 
confidentiality  programs.16'  Generally,  under  such  programs,  domestic  violence  or  sexual 
assault  victims  register  with  the  secretary  of  State  or  their  attorney  general.  The  victim  is 
provided  an  address  with  that  State  office,  which  forwards  the  mail  received  there  to  the 
enrollee's  residential  address.  This  State  office  address  is  used  in  official  correspondence 
with  the  State,  though  businesses  are  not  usually  required  to  use  it. 

The  REAL  ID  Act  requires  that  driver’s  licenses  include  a  person’s  “address  of 
principal  residence."166  This  requirement  effectively  destroys  state  address 
confidentiality  programs.  The  recent  Violence  Against  Women  and  Department  of  Justice 
Reauthorization  Act  (“VAWA")  included  a  requirement  for  DHS  to  “consider  and 
address"  the  needs  of  certain  groups  when  the  agency  is  “developing  regulations  or 
guidance  with  regard  to  identification  documents,  including  driver's  licenses,”16  These 
groups  include  domestic  violence  and  sexual  assault  victims  who  are  entitled  to  be 
enrolled  in  State  address  confidentiality  programs;  whose  addresses  are  entitled  to  be 
suppressed  via  court  order  or  State  or  Federal  law;  or  whose  information  is  protected 


165  See ,  Nat’l  Conference  of  State  Legislatures,  Stales  With  Address  Confidentiality  Programs  for  Domestic 
Violence  Survivors,  http://www.ncsl.org/programs/cyf/dvsurvive.htm  (listing  19  states,  not  including 
Maryland  but  including  Illinois  which  is  unfunded);  See  also.  Maryland  Safe  At  Home  Address 
Confidentiality  Program,  http://www.sos.state.md.us/ACP/Information.htm. 

166  Pub.  L.  No.  109-13,  §  202(b)(6).  1 19  Stat.  231,312(2005). 

167  Pub.  L.  No.  109-162,  §  827,  1 19  Stat.  2960,  3066  (2005). 
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from  disclosure  according  to  Section  384  of  the  Illegal  Immigration  Reform  and 
Immigrant  Responsibility  Act  1996. 168 

In  the  draft  regulations,  DHS  has  not  followed  the  VAWA  requirement;  instead, 
the  agency  has  significantly  reduced  the  protections  afforded  by  these  programs.  The 
proposed  regulations  require  that  addresses  of  principal  residence  be  placed  on  the  face  of 
the  REAL  ID  card  and  include  some  exemptions  from  this  requirement,  such  as  one  for 
those  enrolled  in  Federal  Witness  Security  Programs.16'1  The  regulations  also  exempt 
those  who  are  enrolled  in  State  address  confidentiality  programs.1  11  This  is  not  the  same 
as  creating  an  exemption  for  those  who  are  "entitled  to  be  enrolled  in  the  programs,  as 
stated  under  the  Violence  Against  Women  Act."  In  its  discussion  of  the  proposed  rule, 
DHS  does  propose  to  include  an  exemption  for  those  who  are  "entitled  to  be  enrolled"  in 
state  address  confidentiality  programs.171  DHS  must  include  this  exemption  in  the  final 
regulations.  It  cannot  be  that,  as  currently  stated  under  the  draft  regulations,  only  those 
actually  enrolled  in  State  Address  Confidentiality  Programs  would  be  exempted  from  the 
requirement  to  display  their  residential  addresses  on  the  face  of  the  REAL  ID  card.  Many 
domestic  violence  and  sexual  assault  victims  who  are  entitled  to  enroll  in  State  Address 
Confidentiality  Programs  are  not  actually  enrolled,  for  a  variety  of  personal,  safety  and 
logistical  reasons.  They  should  not  be  punished  for  not  actually  enrolling  in  the  program. 

In  order  to  adequately  "consider  and  address"  the  needs  of  those  who  are  “entitled 
to  be  enrolled”  in  a  State  confidentiality  program,  DHS  must  permit  States  to  allow  those 
who  are  entitled  to  be,  but  are  not  in  address  confidentiality  programs  to  be  exempted 

,6S  Violence  Against  Women  and  Department  of  Justice  Reauthorization  Act  of  2005.  Pub.  L.  No.  109-162, 

§  827,  1 19  Stat.  2960,  3066  (2005). 

,6''  REAL  ID  Draft  Regulations  at  10854,  supra  note  I . 

170  Id.  at  10854. 
m  Id.  at  10836. 
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from  the  address  of  principal  residence  requirement.  DHS  should  allow  individuals  to 
affirm  that  they  fear  victimization  and  would  benefit  from  address  confidentiality.  It 
would  be  problematic  to  burden  State  motor  vehicle  agencies  with  the  determination  of 
who  is  entitled  to  be  enrolled  in  an  address  confidentiality  program.  States  could  rely  on 
the  affirmation,  rather  than  making  a  determination  of  the  merits  of  an  individual’s  need 
for  confidentiality.  This  would  close  the  gap  between  those  domestic  violence  and  sexual 
assault  victims  who  are  “entitled  to  be  enrolled"  and  those  who  are  actually  enrolled  in 
State  Address  Confidentiality  Programs. 

Also,  though  the  proposed  rule  exempts  from  the  residential  address  requirement 
those  whose  addresses  are  “entitled  to  be  suppressed  under  State  or  Federal  law  or 
suppressed  by  a  court  order,"  this  statement  should  be  clarified  to  include  States  that 
generally  allow  individuals  to  display  on  licenses  and  ID  cards  an  address  other  than  their 
principal  place  of  residence.172  Several  States  generally  allow  non-residential  addresses  to 
be  on  driver’s  licenses.  Currently,  at  least  seven  States  permit  an  address  other  than  a 
residential  address  to  be  listed  on  licenses  or  ID  cards  (California.1 73  Florida.1  4 
Montana,17'  New  Mexico,1  6  Oklahoma.1  Wyoming,1  ,s  and  Virginia179).  For  example, 
under  Virginia's  law,  an  applicant  may  choose  to  list  a  post  office  box,  business  or 
residential  address.  The  applicant  is  still  required  to  provide  their  residential  address 


l7:  REAL  ID  Draft  Regulations  at  10854.  supra  note  1 . 
I7-’  Cal.  Veh.  Code  §  1281 1(a)(1)(A). 

174  Fla.  Stat.  Ann.  §  322. 14(  1  )(a). 

175  Mont.  Code.  Ann.  §  61-5-1 1 1. 

176  N.M.  Stat.  Ann.  §  66-5-15  (1978). 

177  Okla.  Stat.  Ann.  tit.  47,  §  6- 1 1 1  ( A)(  1 ). 

178  Wyo.  Stat.  Ann.  §  31-7-1 15(a)(iii). 

179  Va.  Code  Ann.  §  46.2-342(A  1). 

180  Id. 
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for  motor  vehicle  department  records,  but  this  residential  address  is  not  displayed  on  the 
license  or  ID  card.181 

Domestic  violence  survivors,  other  crime  victims,  or  those  generally  interested  in 
protecting  their  privacy  avail  themselves  of  these  State  laws  to  keep  their  addresses 
confidential.  These  laws  are  the  only  way  that  survivors  can  protect  themselves  in  States 
that  do  not  have  formal  address  confidentiality  programs  -  four  of  those  listed  do  not 
(Montana,  New  Mexico,  Virginia  and  Wyoming).  These  general  address  privacy  laws  are 
also  the  only  way  that  those  who  fear  victimization,  but  who  do  not  formally  qualify  for 
State  Address  Confidentiality  programs,  can  protect  themselves. 

Without  this  exemption  allowing  States  to  permit  any  individual  to  protect  her 
privacy  by  listing  a  non-residential  address,  the  victims  of  domestic  violence  and  sexual 
abuse  will  also  face  the  embarrassment  of  disclosing  that  they  are  victims  anytime  that 
their  identification  is  shown.  There  are  few  exceptions  from  the  residential  address 
requirement,  and  anyone  holding  a  REAL  ID  card  without  the  residential  address  listed 
would  immediately  be  placed  into  one  of  these  few  categories. 

B.  National  Database  Threatens  Security  of  Victims  of  Abuse  Crimes 

The  draft  regulations  require  that  States  provide  electronic  access  to  their  motor 
vehicle  database  information  to  all  other  States.18'  Survivors  who  flee  their  abusers, 
crossing  into  different  states,  will  be  exposed  if  their  abuser  breaches  the  security  of  any 
one  of  these  interconnected  databases.  An  abuser  with  an  associate  inside  a  State  DMV, 
law  enforcement,  or  other  agency  with  access  to  the  State  records  would  be  able  to  track 
a  victim  as  the  victim  moves  across  the  country. 

181  Id. 

182  REAL  ID  Draft  Regulations  at  10,856,  supra  note  I. 
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The  danger  of  negligent  and  accidental  disclosures  is  increased  by  REAL  ID,  as 
substantially  more  government  employees  will  have  access  to  all  motor  vehicle  records 
nationwide.  One  example  of  accidental  disclosure  occurred  in  Wisconsin  earlier  this  year 
—  a  police  officer  disclosed  a  victim’s  address,  found  in  a  DMV  record  to  a  stalker;  the 
officer  did  not  know  that  the  victim  had  a  restraining  order  against  this.11"  This  sort  of 
inadvertence  would  happen  much  more  frequently  in  a  post-REAL  ID  world,  as  access  to 
personal  information  is  spread  throughout  the  national  identification  system.  Intentional 
breaches  by  outsiders  or  authorized  insiders  abusing  their  power  would  also  have  a  wider 
scope.  Past  abuses  exemplify  what  can  be  expected  in  a  nationwide  scale.  For  example,  in 
Arizona,  a  police  officer  admitted  to  accessing  motor  vehicle  records  to  find  personal 
information  on  women  he  was  romantically  interested  in,  as  well  as  co-workers.184  If 
REAL  ID  is  implemented,  abusers  and  insiders  would  have  access  to  records  throughout 
the  country  and  would  be  able  to  track  their  victims  no  matter  where  they  flee. 

C.  Proposed  Background  Check  Procedures  Do  Not  Fully  Protect  Victims  of 
Abuse  Crimes 

DHS  proposes  that  certain  government  employees  be  subject  to  criminal  history 
background  checks,  with  certain  offenses  disqualifying  employees  from  specific  jobs 
related  to  the  REAL  ID  national  identification  system.  Covered  employees  would  be 
limited  to  those  who  could  affect  the  recording  of  information,  the  manufacture  of  REAL 
ID  cards,  or  the  information  displayed  on  a  card.186  Employees  who  can  access  the  record 
information  without  the  ability  to  edit  it  are  not  subject  to  the  background  check 

183  Kevin  Murphy,  Officer's  Actions  will  Cost  25.000.  GazetteXtra,  Feb.  15.  2007,  available  at 
http://www.gazetteextra.com/mezera02 1 507.asp. 

184  Michael  Kiefer,  Officer  Admits  to  Tampering;  Databases  Used  to  Check  on  Women,  ARIZONA 
Republic,  April  6,  2006,  at  B3. 

185  REAL  ID  Draft  Regulations  at  10,855.  supra  note  1. 

186  Id.  at  10,856. 
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requirement.  This  massive  loophole  greatly  increases  the  security  and  privacy  risks  of 
domestic  violence  and  sexual  abuse  victims,  as  significant  damage  can  be  done  by 
unauthorized  data  disclosure.  In  order  to  safeguard  against  these  threats,  the  broad 
category  of  those  who  have  access  to  records  should  be  shrunk,  rather  than  increasing  the 
category  of  those  who  are  covered  by  the  background  check  requirement. 

The  suitability  criteria  of  the  background  check  do  not  match  the  threat  of  stalkers 
and  abusers.  DHS  proposes  to  use  the  permanent  and  interim  disqualifying  criteria  in  the 
Transportation  Security  Administration’s  background  checks  for  maritime  and  land 
transportation  security  at  49  C.F.R.  1 572. 1 03. 1  s  The  offenses  include  espionage, 
sedition,  treason,  making  bomb  threats,  and  crimes  involving  transportation  security 
incidents.  Some  of  the  offenses,  such  as  fraud  and  misrepresentation  —  including 
identity  fraud  —  are  relevant  to  the  risks  of  improper  disclosure  and  access  to  the 
records.  However,  crimes  such  as  stalking,  surveillance,  harassment  and  domestic 
abuse  are  not  in  this  list.  These  crimes  must  be  added  to  the  list  of  disqualifying  offenses, 
so  that  the  REAL  ID  system  does  not  create  a  loophole  permitting  abusers  access  to  a 
national  database  that  would  allow  them  to  track  their  victims  no  matter  where  the 
victims  moved. 

D.  REAL  ID  Increases  the  Power  Abusers  Have  Over  Their  Victims 

REAL  ID’s  stringent  document  requirements  will  place  more  power  in  the  hands 
of  abusers.  Fleeing  domestic  violence  or  sexual  abuse  can  be  a  sudden  and  dramatic  step. 
Victims’  advocates  often  counsel  their  clients  to  prepare  “safety  plans,”  which  include 


187  Id.  at  10,856. 

188  49  C.F.R.  1572.103(a). 

189  Id.  at  1 572. 1 03(b)(2)(iii). 
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gathering  key  documents  such  as  passports,  visas,  and  birth  certificates.190  The  proposed 
regulations  limit  the  types  of  documents  that  can  be  used  to  prove  identity,  which  create 
problems  for  many  groups,  including  abuse  victims.191  The  draft  regulations  permit 
exceptions  for  those  who  do  not  have  the  required  documents  “for  reasons  beyond  their 
control.”192  The  exception  requires  that  the  records  “visibly  indicate”  that  alternative 
documentation  was  accepted  and  that  a  “full  explanation"  of  the  reason  be  included  in  the 
record.193  Thus  victims  will  face  the  embarrassment  of  having  intimate  details  of  the 
abuse  they  have  suffered  included  in  a  national  database  accessible  to  thousands  of 
government  employees  across  the  nation.  The  “for  reasons  beyond  their  control” 
exception  must  specifically  include  abuse  victims,  so  that  they  may  not  be  punished  for 
leaving  their  abusers.  The  visible  indication  and  “full  explanation"  included  in  the 
records  should  be  limited  to  the  statement  that  alternative  documents  were  accepted  “for 
reasons  of  personal  safety,”  so  that  victims  need  not  expose  the  history  of  their  abuse  to 
anyone  who  could  view  their  DMV  records. 

Another  problem  is  that  this  “for  reasons  beyond  their  control”  exception  does  not 
apply  to  those  who  must  demonstrate  lawful  immigration  status.194  Under  the  draft 
regulations,  the  demonstration  of  lawful  status  would  require  documents  that  an  abuser 
would  likely  have  control  over.  Abusers  of  immigrants  who  are  able  to  control  their 
victims  immigration  documents  will  be  able  to  control  the  victim’s  ability  to  obtain  a 

190  E.g.,  Oakland  County  Coordinating  Council  Against  Domestic  Violence,  Domestic  Violence  Handbook 
-  Personalized  Safety  Plan,  at  http://www.domesticviolence.org/plan.html  (last  visited  Mar.  30,  2007) 
(“Items  to  take,  if  possible. . .  Birth  Certificates  . . .  Social  security  cards  . . .  Passports,  green  cards,  work 
permits”). 

191  REAL  ID  Draft  Regulations  at  10,852.  supra  note  1 ;  see  Data  Verification  discussion,  supra  Section  VI 
(general  problems  with  the  standards). 

192  REAL  ID  Draft  Regulations  at  10,852,  supra  note  I . 
mld. 

mld. 
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REAL  ID  card  or  license.  The  “for  reasons  beyond  their  control”  exception  must  be 
extended  to  those  victims  who  must  prove  lawful  immigration  status,  so  that  the  abusers 
cannot  use  these  documents  to  trap  their  victims  into  staying  in  abusive  situations.  The 
exception  permitting  those  who  do  not  have  access  to  documents  to  use  alternative 
documentation  should  be  extended  to  the  proof  of  lawful  immigration  status.  Here,  also, 
the  visible  indication  and  “full  explanation”  included  in  the  victims’  DMV  records  should 
be  limited  to  the  statement  that  alternative  documents  were  accepted  “for  reasons  of 
personal  safety,”  so  that  victims  need  not  expose  the  history  of  their  abuse  to  anyone  and 
everyone  who  could  view  their  DMV  records. 

XII.  Metasystem  of  Identification  Is  Better  Choice 

Once  personal  data  has  fallen  into  the  hands  of  an  identity  thief,  the  potential  for 
its  misuse  is  proportionate  to  the  extent  that  the  information  can  be  used  for  illegitimate 
authentication.  We  have  already  explained  why  a  universal  identifier  will  not  improve 
security.  Rather  than  promoting  the  use  of  universal  identifiers,  EPIC  advocates  the 
distribution  of  identity  or  an  identity  metasystem  in  which  authentication  is  confined  to 
specific  contexts  in  order  to  limit  the  scope  for  potential  misuse.  The  danger  of  a  single 
identifier  is  that  the  harm  will  be  magnified  when  it  is  compromised. 

A  system  of  distributed  identification  reduces  the  risks  associated  with  security 
breaches  and  the  misuse  of  personal  information.  For  example,  a  banking  PIN  number,  in 
conjunction  with  a  bank  card,  provides  a  better  authentication  system  because  it  is  not 
coupled  with  a  single,  immutable  consumer  identity.  If  a  bank  card  and  PIN  combination 
is  compromised,  a  new  bank  card  and  PIN  number  can  be  issued  and  the  old  combination 
cancelled,  limiting  the  damage  done  by  the  compromised  data.  Drawbacks  of  such 
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structures,  including  the  possibility  for  the  existence  of  multiple  cards,  are  currently  being 
addressed  by  the  creation  of  an  identity  metasystem  in  which  multiple  identities  can  be 
loosely  coupled  within  a  single  secure  system.195 

Distributing  identity  in  this  way  allows  for  different  profiles  to  be  used  in 
different  authenticating  contexts.  New  profiles  can  be  created  as  required  within  a  single 
identity  metasystem.  Misuse  is  therefore  limited  to  the  context  of  the  information 
breached,  whether  it  is  a  single  bank  account,  online  merchant,  or  medical  records. 

Possibilities  for  data  misuse  can  also  be  limited  at  the  data  collection  stage.  EPIC 
has  previously  called  attention  to  the  need  for  Web  sites  to  stop  storing  customer  credit 
card  information.'9''  Amassing  large  databases  of  credit  card  numbers  creates  an  attractive 
target  for  potential  identity  thieves.  Creating  a  national  ID  card  under  REAL  ID  also 
creates  an  attractive  target  for  potential  identity  thieves  -  imagine  having  access  to  digital 
copies  of  “breeder”  documents,  such  as  certified  birth  certificates  and  SSN  cards. 

First  and  foremost,  the  best  response  is  not  to  create  a  centralized  identification 
system  such  as  the  one  realized  under  REAL  ID.  Another  simple  response  to  identity 
theft  is  to  require  a  PIN  to  be  used  in  conjunction  with  all  identification  cards.  A  third 
response  is  to  forbid  third-party  collection  or  storage  of  data  from  identification  cards.  An 
identity  metasystem  would  further  reduce  the  value  of  such  aggregated  database  targets, 
because  authenticators  would  be  separate  and  distinct  from  all  personally  identifiable 
information. 

Finally,  technological  measures  can  be  used  to  improve  the  reliability  of 
authentication  while  respecting  consumer  privacy.  International  research  efforts  are 

195  Kim  Cameron,  The  Laws  of  Identity,  Identity  Weblog.  Dec.  9.  2004, 
http://www.identityblog.com/stories/2004/12/09/thelaws.html. 

196  See  EPIC’s  Page  on  Identity  Theft:  Causes  and  Solutions,  http://www.epic.org/privacy/idtheft/. 
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currently  underway  to  create  authentication  systems  that  preserve  anonymity,  and  include 
the  development  of  new  privacy  enhancing  technologies  for  use  in  such  schemes.117 
These  privacy  enhancing  technologies  allow  for  the  separation  of  authentication  and 
identification  and  are  being  deployed  in  response  to  security  vulnerabilities.  Such 
technologies  may  plug  in  to  identity  metasystems,  such  as  Microsoft’s  CardSpace.  While 
the  default  settings  of  CardSpace  do  not  currently  meet  recognized  standards  for  privacy 
preservation,19*  this  model  should  be  studied  in  detail.199 
XIII.  Implementation  Just  Not  Possible  Under  Current  Timeline 

Two  years  after  Congress  rushed  through  passage  of  the  REAL  ID  Act,  the 
Department  of  Homeland  Security  announced  on  March  1  proposed  regulations  to  create 
the  REAL  ID  national  identification  system.  The  draft  regulations  were  released  about  14 
months  before  the  May  2(X)8  implementation  deadline.  After  enormous  criticism  from  the 
public  and  the  States,  DHS  extended  the  deadline,  but  not  by  much. 

Comments  on  the  draft  regulations  are  due  by  May  8.  DHS  says  it  will  review  the 
public  comments  and  take  them  into  consideration  for  the  final  regulations,  the  release  of 
which  is  expected  in  August  or  September.7""  In  the  draft  regulations,  DHS  says  it 


197  See,  e.g.,  Carlisle  Adams,  Delegation  and  Proxy  Services  in  Digital  Credential  Environments ,  Presented 
at  the  7th  Annual  Privacy  and  Security  Workshop.  Your  Identity  Please:  Identity’  Theft  and  Identity 
Management  in  the  21st  Century  (Nov.  2,  2006),  available  at 

http://www.idtrail.org/files/cacrwkshpdigcred02nov06.pdf;  Stefan  Brands,  Non-lntrusive  Cross-Domain 
Digital  Identity  Management,  Presented  at  Proceedings  of  the  3rd  Annual  PKI  R&D  Workshop  (Apr. 

2004),  available  at  http://www.idtrail.org/files/cross_domain_identity.pdf;  David  Chaum,  Secret-Ballot 
Receipts:  True  Voter-Verifiable  Elections,  Presented  at  ITL  Seminar  Series,  Secret-Ballot  Receipts:  True 
Voter-Verifiable  Elections,  Nat'l  Inst,  of  Standards  &  Tech.  (May  19.  2004);  Paul  Van  Oorschot  and  S. 
Stubblebine,  Countering  Identity  Theft  through  Digital  Uniqueness,  Location  Cross-Checking,  and 
Funneling,  Fin.  Cryptography  &  Data  Sec.  (2005),  available  at 
http://www.scs.carleton.ca/~paulv/papers/pvoss6- 1  .pdf. 

I9S  Stefan  Brands,  User  centric  identity:  boon  or  worst  nightmare  to  privacy?.  Identity  Comer,  Nov.  1 7, 
2006,  http://www.idcorner.org/?p=  1 42. 

199  See  generally,  Nat’l  Research  Council,  Who  Goes  There?  Authentication  Through  the  Lens 
OF  Privacy  (Nat’l  Academies  2003). 
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“strongly  encourages  States  to  submit  certification  packages  by  October  1 ,  2007,”  and 
sets  a  drop-dead  date  of  February  10,  2008,  for  states  to  file  these  certification  packages, 
which  detail  States’  plans  to  fulfill  the  obligations  detailed  in  the  final  regulations.201 
These  certification  packages  include  a  “comprehensive  security  plan  for  [each  State’s] 
DMV  offices  and  driver’s  license  storage  and  production  facilities,  databases,  and 
systems  utilized  for  collecting,  disseminating  or  storing  information  used  in  the  issuance 
of  REAL  ID  licenses.”202  This  comprehensive  security  plan  must  also  include  "how  the 
State  will  protect  the  privacy  of  the  data  collected,  used,  and  maintained  in  connection 
with  REAL  ID,  including  all  the  source  documents.”20'  The  certification  packages  must 
also  include  an  exceptions  process  for  people  who  cannot  fulfill  the  requirements 
necessary  to  receive  a  REAL  ID  card.21" 

The  two-year  delay  in  releasing  draft  regulations  and  the  short  timeline  for  the 
States  to  create  “certification  packages”  detailing  how  they  will  comply  with  the  final 
regulations  makes  it  virtually  impossible  for  the  States  to  create  useful  implementation 
plans  that  take  privacy  and  security  questions  into  consideration.  This  fast-track 
scheduling  makes  it  appear  dubious  that  DHS  will  take  comments  submitted  by  the 
public  into  account  when  creating  the  final  regulations  for  REAL  ID  implementation, 
though  the  agency  is  required  to  under  law. 

XIV.  REAL  ID  Must  Be  Repealed 

REAL  ID  is  fundamentally  flawed  because  it  creates  a  national  identification 
system.  It  cannot  be  fixed  no  matter  what  the  implementation  regulations  say.  Therefore, 

201  REAL  ID  Draft  Regulations  at  10.824.  supra  note  I . 

202  Id.  at  10,825. 

203  Id.  at  10,825. 

204  Id.  at  10,822. 
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the  REAL  ID  Act  must  be  repealed.  Federal  legislation  has  been  introduced  to  repeal  the 
REAL  ID  Act/"1  Arkansas.  Maine.  Idaho.  Montana,  and  Washington  State  all  have 
passed  legislation  rejecting  the  REAL  ID  Act.  and  more  than  20  other  states  are  debating 
similar  legislation.206 

The  Department  of  Homeland  Security  protests  that  it  must  implement  the  REAL 
ID  Act,  but  Homeland  Security  Secretary  Michael  Chertoff  has  worked  with  members  of 
Congress  in  the  past  on  problems  with  implementing  the  REAL  ID  Act.20  He  can 
continue  to  work  with  members  of  Congress  to  reject  this  national  identification  scheme. 

XV.  Conclusion 

For  the  foregoing  reasons,  the  Coalition  urges  the  Department  of  Homeland 
Security  to  recommend  to  Congress  that  REAL  ID  is  unworkable  and  must  be  repealed. 
The  REAL  ID  Act  creates  an  illegal  de  facto  national  identification  system  filled  with 
threats  to  privacy,  security  and  civil  liberties  and  undermines  well-established  principles 
of  law  found  in  the  Privacy  Act.  Assuming  that  REAL  ID  is  repealed,  any  subsequent 
legislation  should  be  subjected  to  extensive  review  that  explicitly  addresses  all  of  the 
issues  raised  in  this  document. 


Respectfully  submitted, 

Electronic  Privacy  Information  Center 


205  See  EPIC's  page  on  National  ID  Cards  and  the  REAL  ID  Act  page. 

http://www.epic.org/privacy/id_cards/  (information  about  federal  and  state  legislation  concerning  REAL 
ID). 

206  Id. 

207  At  the  press  conference  announcing  the  release  of  the  draft  regulations  for  REAL  ID  implementation. 
Secretary  Chertoff  said.  “And,  I  want  to  say  in  particular  that  in  formulating  the  proposal  that  we're 
announcing  today  we  were  delighted  to  work  closely  with  governors  and  members  of  Congress.”  Michael 
Chertoff,  Sec’y,  Dep’t  of  Homeland  Sec..  Remarks  at  a  Press  Conference  on  REAL  ID  (Mar.  1, 2007), 
transcript  available  at  http://www.dhs.gov/xnews/releases/pr_l  1 7283439296 l.shtm. 
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Executive  Summary 


Throughout  its  history,  the  United  States  has  rejected  the  idea  of  a 
national  identification  system.  Yet,  the  Department  of  Homeland  Security 
continues  to  push  forward  a  system  of  identification  that  has  been  widely 
opposed.  The  REAL  ID  Act  mandates  that  State  driver's  licenses  and  ID  cards 
follow  federal  technical  standards  and  verification  procedures  issued  by 
Homeland  Security.  REAL  ID  also  enables  tracking,  surveillance,  and  profiling  of 
the  American  public. 

May  11,  2008  was  the  statutory  deadline  for  implementation  of  the  REAL 
ID  system,  but  not  one  State  is  in  compliance  with  the  federal  law  creating  a 
national  identification  system.  In  fact,  19  States  have  passed  resolutions  or  laws 
rejecting  the  national  ID  program.  The  Department  of  Homeland  Security  has 
faced  so  many  obstacles  that  the  agency  now  plans  an  implementation  deadline 
of  2017  —  nine  years  later  than  the  2008  statutory  deadline. 

Homeland  Security  claims  that  it  is  making  strides  in  implementing  the 
national  ID  program.  Homeland  Security  Secretary  Michael  Chertoff  encourages 
the  use  of  the  REAL  ID  system  for  a  wide  variety  of  purposes  unrelated  to  the 
law  that  authorized  the  system.  In  an  opinion  column  written  by  Secretary 
Chertoff  after  the  publication  of  the  final  rule  in  January,  he  said,  "embracing 
REAL  ID"  would  mean  it  would  be  used  to  "cash  a  check,  hire  a  baby  sitter, 
board  a  plane  or  engage  in  countless  other  activities."  None  of  these  uses  for  the 
REAL  ID  have  a  legal  basis.  Each  one  creates  a  new  risk  for  Americans  who  are 
already  confronting  the  staggering  problem  of  identity  theft. 

Last  year,  EPIC  submitted  detailed  comments  to  the  DHS  on  the  draft 
proposal  for  REAL  ID.  With  the  assistance  of  many  experts,  we  attempted  to 
address  the  enormous  challenge  in  the  project  proposal.  In  the  following  report, 
EPIC  details  the  many  problems  with  the  final  plan  to  implement  this  vast 
national  identification  system.  The  REAL  ID  system  remains  filled  with  threats  to 
privacy,  security  and  civil  liberties  that  have  not  been  resolved. 


Marc  Rotenberg  Melissa  Ngo 

EPIC  Executive  Director  Director,  EPIC  Identification 

&  Surveillance  Project* 


*  EPIC  Skaddeti  Fellow  Guilherme  Roschke  contributed  to  this  report. 
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I.  Introduction:  History  of  National  Identification 

National  identification  cards  have  long  been  advocated  as  a  means  to 
enhance  national  security;  unmask  potential  criminals,  chiefly  terrorists;  and 
guard  against  illegal  immigration.1  The  cards  are  used  in  many  countries 
including  Belgium,  Egypt,  France,  Germany,  Greece,  Hong  Kong,  Malaysia,  and 
South  Africa.2  Currently,  the  United  States  and  the  United  Kingdom  continue  to 
debate  the  merits  of  adopting  national  ID  cards.  The  types  of  card,  their 
functions,  and  privacy  safeguards  vary  widely. 

EPIC  and  Privacy  International's  Privacy  and  Human  Rights:  An 
International  Survey  of  Privacy  Laivs  and  Developments,  explains  the  basics  of  the 
technology  used  in  national  ID  cards: 

In  recent  years  technology  has  rapidly  evolved  to  enable  electronic  record 
creation  and  the  construction  of  large  commercial  and  State  databases.  A 
national  identifier  contained  in  an  ID  card  enables  disparate  information 
about  a  person  that  is  stored  in  different  databases  to  be  easily  linked  and 
analyzed  through  data  mining  techniques.  ID  cards  are  also  becoming 
"smarter"  -  the  technology  to  build  microprocessors  the  size  of  postage 
stamps  and  put  them  on  wallet-sized  cards  has  become  more  affordable. 
This  technology  enables  multiple  applications  such  as  a  credit  card,  library 
card,  health  care  card,  driver's  license  and  government  benefit  program 
information  to  be  all  stored  on  the  same  national  ID  along  with  a 
password  or  a  biometric  identifier.3 

During  the  history  of  the  national  ID  card  debate  in  the  United  States, 
Americans  have  consistently  rejected  the  creation  of  such  a  system.  When  the 
Social  Security  Number  ("SSN")  was  created  in  1936,  it  was  meant  to  be  used 
only  as  an  account  number  associated  with  the  administration  of  the  Social 
Security  system.4  Though  use  of  the  SSN  has  expanded  considerably,  it  is  not  a 
universal  identifier  and  efforts  to  make  it  one  have  been  consistently  rejected.  In 
1971,  the  Social  Security  Administration  task  force  on  the  Social  Security 
Number3  declined  to  transform  the  number  into  an  ID  card.6  The  Health, 
Education  and  Welfare  Secretary's  Advisory  Committee  on  Automated  Personal 
Data  Systems  in  1973  again  rejected  the  creation  of  a  national  identifier  and 
advocated  the  establishment  of  significant  safeguards  to  protect  personal  data. 
The  committee  said: 

We  recommend  against  the  adoption  of  any  nationwide,  standard, 
personal  identification  format,  with  or  without  the  SSN,  that  would 
enhance  the  likelihood  of  arbitrary  or  uncontrolled  linkage  of  records 
about  people,  particularly  between  government  or  government-supported 
automated  personal  data  systems.  What  is  needed  is  a  halt  to  the  drift 
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toward  [a  standard  universal  identifier]  and  prompt  action  to  establish 
safeguards  providing  legal  sanctions  against  abuses  of  automated 
personal  data  systems.7 

The  Federal  Advisory  Committee  on  False  Identification  also  advised 
against  the  use  of  a  national  identifier  in  1976.8  In  1977,  the  Privacy  Protection 
Study  Commission  recommended  against  the  adoption  of  a  national  ID  system.9 
In  its  report.  Personal  Privacy  in  an  Information  Society,  the  commission  said  that  it: 

sees  a  clear  danger  that  a  government  record  system,  such  as  that 
maintained  by  the  Social  Security  Administration  or  the  Internal  Revenue 
Service,  will  become  a  de  facto  central  population  register  unless  prevented 
by  conscious  policy  decisions.  Therefore  [...]  the  Federal  government 
should  act  positively  to  halt  the  incremental  drift  toward  creation  of  a 
standard  universal  label  and  central  population  register  until  laws  and 
policies  regarding  the  use  of  records  about  individuals  are  developed  and 
shown  to  be  effective.10 

In  Congressional  testimony  in  1981,  Attorney  General  William  French 
Smith  stated  that  the  Reagan  administration  was  "explicitly  opposed  to  the 
creation  of  a  national  identity  card."11  The  Clinton  administration  advocated  a 
"Health  Security  Card"  in  1993  and  assured  the  public  that  the  card,  issued  to 
every  American,  would  have  "full  protection  for  privacy  and  confidentiality."12 
Still,  the  idea  was  rejected  and  the  card  never  was  created.  In  1999,  Congress 
repealed  a  controversial  provision  in  the  Illegal  Immigration  Reform  and 
Immigrant  Responsibility  Act  of  1996  that  authorized  the  inclusion  of  SSNs  on 
driver's  licenses.13 

In  response  to  the  tragic  events  of  September  11,  2001,  there  has  been 
renewed  interest  in  the  creation  of  national  ID  cards.  Soon  after  the  attacks,  Larry 
Ellison,  head  of  California-based  software  company  Oracle  Corporation,  called 
for  the  development  of  a  national  identification  system  and  offered  to  donate  the 
technology  to  make  this  possible.  He  proposed  ID  cards  with  embedded 
digitized  thumbprints  and  photographs  of  all  legal  residents  in  the  U.S.14  There 
was  much  public  debate  about  the  issue,  and  Congressional  hearings  were  held. 
Former  House  Speaker  Newt  Gingrich  testified  that  he  "would  not  institute  a 
national  ID  card  because  you  do  get  into  civil  liberties  issues."15  Congress,  in 
establishing  the  Department  of  Homeland  Security,  expressly  prohibited  the 
agency  from  developing  National  ID  systems.16  The  Act  stated  simply: 

Nothing  in  this  Act  shall  be  construed  to  authorize  the 
development  of  a  national  identification  system  or  card.17 
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Nonetheless,  the  Department  of  Homeland  Security  continues  to  push 
forward  with  the  REAL  ID  plan,  as  well  as  other  proposals  for  identification  and 
tracking.18 

II.  The  Creation  of  the  REAL  ID  System 

In  May  2005,  the  REAL  ID  Act  was  appended  to  a  bill  providing  tsunami 
relief  and  military  appropriations  and  passed  with  little  debate  and  no 
hearings.19  It  was  passed  in  this  manner  even  though  Republican  and  Democratic 
lawmakers  in  the  Senate  urged  Senate  Majority  Leader  Bill  Frist  to  allow 
hearings  on  the  bill  and  to  permit  a  separate  vote  on  the  measure.20  The  senators 
said  they  believe  "Legislating  in  such  a  complex  area  without  the  benefit  of 
hearings  and  expert  testimony  is  a  dubious  exercise  and  one  that  subverts  the 
Senate's  deliberative  process."21  Even  though  Congress  was  unable  to  debate  the 
matter,  civil  liberties  organizations  began  a  public  dialogue  shortly  after  passage 
of  the  REAL  ID  Act.22 

When  the  agency  released  the  draft  regulations  in  March  2007,  it  received 
more  than  21,000  public  comments.23  EPIC  joined  24  experts  in  privacy  and 
technology  in  submitting  comments  that  detailed  significant  privacy  and  security 
problems  in  the  draft  regulations.24  EPIC  also  encouraged  public  participation  in 
the  rulemaking  process  through  a  project  organized  by  the  Privacy  Coalition, 
and  in  collaboration  with  over  60  organizations  and  more  than  200  Internet 
bloggers.25 

On  January  11,  2008,  about  two  and  a  half  years  after  the  passage  of  the 
REAL  ID  Act  of  2005,  Department  of  Homeland  Security  Secretary  Michael 
Chertoff  released  the  final  rule  to  implement  the  national  identification  system 
created  under  the  Act.26  The  proposal  has  drawn  sharp  criticism  from  State 
governments,27  members  of  Congress,28  civil  liberties  advocates,29  and  security 
experts.30 

In  response  to  the  public  comments  to  the  draft  regulations,  the 
Department  of  Homeland  Security  scaled  back  some  of  the  requirements, 
reduced  the  cost,  and  extended  the  deadline  for  State  compliance  in  the  final  rule 
for  the  REAL  ID  system.31  However,  Secretary  Chertoff  continues  to  encourage 
the  use  of  the  REAL  ID  system  for  a  wide  variety  of  purposes  unrelated  to  the 
law  that  authorized  the  system,  including  employment  eligibility  verification.32 
He  also  indicates  that  the  agency  would  not  prevent  the  use  of  the  card  by 
private  parties  for  non-government  purposes.33  Also,  as  part  of  the  cost-saving 
effort.  Homeland  Security  decided  not  to  encrypt  the  data  that  will  be  stored  on 
the  card.34 
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Though  the  Department  of  Homeland  Security  made  some  modification 
and  attempted  to  solve  several  problems  described  in  the  public  comments,  the 
changes  are  not  enough.  REAL  ID  remains  unworkable  and  should  be  repealed. 
The  Department  of  Homeland  Security  is  attempting  to  create  an  illegal  de  facto 
national  identification  system  filled  with  threats  to  privacy,  security  and  civil 
liberties  that  cannot  be  solved,  no  matter  what  the  implementation  plan  set  out 
by  the  regulations. 

Even  if  REAL  ID  implementation  were  to  go  forward,  the  final  regulations 
include  poor  privacy  and  security  safeguards  for  the  sensitive  personal  data  of 
cardholders.  The  changes  made  in  response  to  public  comments  about  the 
proposed  draft  regulations  are  marginal,  at  best.  For  such  a  system  to  have  the 
minimum  protections  necessary,  the  requirements  of  the  Privacy  Act  of  1974 
must  be  fully  enforced  for  all  uses  of  the  data,  current  and  future.35  Agencies 
should  not  be  permitted  to  assert  any  exemptions,  and  individuals  must  be 
granted  all  rights,  including  the  judicially  enforceable  right  to  access  and  correct 
their  records  and  to  ensure  compliance  with  all  Privacy  Act  requirements. 
Moreover,  technical  safeguards  need  to  be  incorporated  into  both  the  identity 
card  and  the  databases  systems.  The  DHS  failed  to  establish  adequate  safeguards 
for  privacy  and  security. 

In  our  May  2007  comments  to  Department  of  Homeland  Security 
concerning  the  draft  REAL  ID  regulations,  EPIC  listed  several  privacy  and 
security  problems  inherent  in  this  national  identification  scheme.  Below,  we 
detail  how  the  final  regulations  have  changed  the  REAL  ID  system  and  whether 
our  criticisms  were  answered. 

A.  REAL  ID  Is  Still  Not  Voluntary 

The  Department  of  Homeland  Security  has  repeatedly  stated  that  REAL 
ID  is  not  mandatory,  therefore,  it  is  not  an  unfunded  mandate.  However,  in 
EPIC's  May  2007  comments  on  the  draft  REAL  ID  regulations,  we  explained  the 
reasons  why  REAL  ID  is  not  a  "voluntary"  program.  "States  are  under 
considerable  pressure  to  implement  REAL  ID  and  citizens  who  fail  to  carry  the 
new  identity  document  will  find  it  impossible  to  pursue  many  routine 
activities."36  Also,  "The  administration  has  also  pursued  a  heavy-handed  assault 
on  those  who  have  raised  legitimate  questions  about  the  efficacy,  cost,  and 
impact  of  the  [REAL  ID]  program.  [. . .]  In  Congressional  testimony,  a  high- 
ranking  DHS  official  said,  'Any  State  or  territory  that  does  not  comply  increases 
the  risk  for  the  rest  of  the  Nation.'  "37 

In  the  final  rule,  the  Department  of  Homeland  Security  does  nothing  to 
change  this  initial  assessment.  In  fact,  the  REAL  ID  initiative  has  practically 
invited  proposals  for  expanded  identification  requirements  in  the  United  States.38 
Though  the  agency  limited  the  "official  purposes"  of  REAL  ID  cards  to  the 
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statutorily  mandated  purposes  ("boarding  of  Federally-regulated  commercial 
aircrafts,  entering  of  Federal  facilities,  and  nuclear  power  plants"),  the  agency 
said  it  "will  continue  to  consider  additional  ways  in  which  a  REAL  ID  license  can 
or  should  be  used."39  In  its  discussion  of  the  final  rule,  DHS  also  said 
"widespread"  acceptance  of  the  REAL  ID  national  identification  system  could 
lead  to  restrictions  in  "access  to  public  subsidies  and  benefits  programs"  as  well 
as  restricting  access  to  firearms  or  even  elections.40  In  his  remarks  announcing 
the  final  rule,  DHS  Secretary  Michael  Chertoff  said  that  "it  is  probably 
reasonably  predictable  that  as  these  licenses  become  more  widely  distributed," 
then  more  groups  will  choose  to  use  REAL  ID  cards;  in  fact,  he  said  they  would 
likely  "flock"  to  the  REAL  ID  national  identification  system.41 

The  Department  of  Homeland  Security  continues  its  assault  against  States 
that  contemplate  rejection  of  the  REAL  ID  national  identification  system.  In  the 
discussion  of  the  final  rule,  the  agency  said  it  "believes  that  many  States  may 
find  noncompliance  an  unattractive  option"  because  the  States  would  not  be  able 
to  "maintain  the  conveniences  enjoyed  by  their  residents  when  using  their  State- 
issued  driver's  licenses  and  non-driver  identity  cards  for  official  purposes, 
particularly  as  it  pertains  to  domestic  air  travel."42 

"That  will  mean  real  consequences  for  their  citizens  starting  in  May  if 
their  leadership  chooses  not  to  comply,"  Department  of  Homeland  Security 
spokeswoman  Laura  Keehner  said  in  January.43  "That  includes  getting  on  an 
airplane  or  entering  a  federal  building,  so  they  will  need  to  get  passports." 

(emphasis  added) 44  This  is  a  significant  monetary  penalty,  as  U.S.  passports 
currently  cost  $85  to  $100 45  DHS  itself  admits  that  only  "25%  of  the  population 
already  holds  a  valid  passport."46 

EPIC's  assessment  concerning  the  "voluntary"  nature  of  the  REAL  ID 
national  identification  system  remain  unchanged  from  May.  The  Department  of 
Homeland  Security's  declared  support  for  and  expectation  of  "widespread"  use 
of  the  REAL  ID  systems,  and  the  agency's  continued  pressure  on  the  States  and 
penalties  for  noncompliance  prove  the  involuntariness  of  the  national 
identification  program. 

B.  Standards  for  ID  Documents  Remain  Burdensome  for  Many 

Under  the  REAL  ID  Act,  States  are  required  to  obtain  and  verify 
documents  from  applicants  that  establish  "(A)  A  photo  identity  document, 
except  that  a  non-photo  identity  document  is  acceptable  if  it  includes  both  the 
person's  full  legal  name  and  date  of  birth.  (B)  Documentation  showing  the 
person's  date  of  birth.  (C)  Proof  of  the  person's  social  security  account  number  or 
verification  that  the  person  is  not  eligible  for  a  social  security  account  number. 

(D)  Documentation  showing  the  person's  name  and  address  of  principal 
residence"  and  "Evidence  of  lawful  status."47  Though  DHS  has  made  minimal 
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changes  to  the  standards  for  identity  documents  that  REAL  ID  applicants  must 
provide,  the  agency  has  not  solved  the  problems  EPIC  detailed  in  the  May  2007 
comments. 

Under  the  final  regulations,  the  only  documents  that  could  be  accepted  by 
the  States  to  issue  these  new  identity  cards  would  be:  (1)  valid  unexpired  U.S. 
passport;  (2)  certified  copy  of  a  birth  certificate;  (3)  consular  report  of  birth 
abroad;  (4)  unexpired  permanent  resident  card;  (5)  unexpired  employment 
authorization  document;  (6)  unexpired  foreign  passport  with  valid  U.S.  visa 
affixed  and  "the  approved  1-94  form  documenting  the  applicant's  most  recent 
admittance  into  the  United  States";  (7)  U.S.  certificate  of  naturalization;  (8)  U.S. 
certificate  of  citizenship;  or  (9)  REAL  ID  driver's  license  or  identification  card 
issued  in  compliance  with  the  final  regulations.48  Notably,  in  the  final 
regulations,  the  agency  "has  added  a  provision  that  would  allow  DHS  to  change 
the  list  of  documents  acceptable  to  establish  identity  following  publication  of  a 
notice  in  the  Federal  Register."49  Therefore,  the  Department  of  Homeland 
Security  could  make  the  identification  document  requirements  even  more 
burdensome  at  a  later  date. 

These  documents  are  virtually  unchanged  from  those  listed  in  the  draft 
regulations,  and  such  difficult  standards  for  acceptable  identification  documents 
would  limit  the  ability  of  some  individuals  to  get  a  State  driver's  license.  As  we 
explained  in  May  2007,  "There  are  questions  as  to  whether  some  citizens  could 
produce  these  documents,  among  them  Native  Americans,  victims  of  natural 
disasters,  domestic  violence  victims,  the  homeless,  military  personnel,  or  elderly 
individuals."50  We  noted  that  the  Department  of  Homeland  Security  attempted 
to  resolve  this  problem  by  allowing  the  States  to  voluntarily  create  an  exceptions 
process  for  extraordinary  circumstances,  but  "though  DHS  set  minimum 
standards  for  data  collection,  retention  and  documentation  of  the  transaction,  the 
agency  did  not  set  minimum  standards  for  eligibility,  length  of  process,  or  cost  of 
process."51 

The  document  requirements  create  specific  problems  for  domestic 
violence  victims.  Under  the  draft  regulations,  the  demonstration  of  lawful  status 
would  require  documents  that  an  abuser  would  likely  have  control  over.52 
Abusers  of  immigrants  who  are  able  to  control  their  victims'  immigration 
documents  will  be  able  to  control  the  victim's  ability  to  obtain  a  REAL  ID  card  or 
license.  EPIC  urged  the  Department  of  Homeland  Security  to  extend  exceptions 
to  those  victims  who  must  prove  lawful  immigration  status,  so  that  the  abusers 
cannot  use  these  documents  to  trap  their  victims  into  staying  in  abusive 
situations.  We  also  recommended  that  the  exception  permitting  those  who  do  not 
have  access  to  documents  to  use  alternative  documentation  should  be  extended 
to  the  proof  of  lawful  immigration  status. 
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The  REAL  ID  final  rule  is  a  little  more  sensitive  to  the  problems  of 
immigrant  victims  of  domestic  abuse.  In  the  final  rule,  there  is  no  requirement 
that  records  visibly  indicate  alternative  documentation  or  that  "full 
explanations"  be  attached  when  the  exceptions  process  is  invoked.53  The 
Department  of  Homeland  Security  also  indicates  that  simple  explanations  such 
as  "for  reasons  of  public  safety"  or  other  "generic  expressions"  may  be  used.54 
The  exceptions  process  is  also  extended  to  allow  determination  of  lawful  status 
in  the  case  of  U.S.  citizenship,  but  not  other  status.55  However,  the  Department  of 
Homeland  Security  leaves  unaddressed  the  problem  of  immigrant  women  whose 
abusers  destroy,  steal  or  otherwise  control  their  documents. 

Also  problematic  is  that,  in  the  final  rule,  DHS  explicitly  removed  the  only 
substantive  guidance  it  detailed  on  the  exceptions  process.  In  the  draft 
regulations,  DHS  stated  that  persons  bom  before  1935  might  not  have  been 
issued  birth  certificates,  so  they  might  be  eligible  for  the  exceptions  process.56  But 
in  the  final  rule,  DHS  removes  this  eligibility  exemption.57  In  the  final 
regulations,  there  is  nothing  that  explains  to  either  States  or  individuals  how 
REAL  ID  applicants  could  prove  eligibility  (other  than  that  the  "process  may  not 
be  used  by  non-citizens  to  establish  lawful  status  in  the  United  States"),58  how 
long  the  process  would  take  (days,  weeks,  months  or  even  years),  or  if  applicants 
could  even  afford  the  cost  of  the  exceptions  process,  which  would  be  above  and 
beyond  the  already-high  cost  of  the  REAL  ID  card. 

C.  REAL  ID's  Data  Verification  Procedures  Still  Based  on  Faulty  Premises 

In  EPIC's  May  2007  comments,  we  detailed  specific  problems  with  the 
draft  regulations'  data  verification  procedures,  including,  1)  DHS  relies  on 
verification  databases  that  are  not  available,  2)  of  the  databases  that  are  available, 
some  are  not  widely  available,  3)  of  the  databases  that  are  available,  government 
and  independent  analyses  have  proven  (and  the  Department  of  Homeland 
Security  itself  has  admitted)  that  there  the  information  in  these  databases  are 
incomplete  or  full  of  errors),  and  4)  State  DMV  employees  are  unable  and  should 
not  be  forced  to  become  federal  immigration  officials.59  The  final  regulations 
promulgated  by  the  Department  of  Homeland  Security  do  not  adequately 
address  these  problems. 

Beyond  the  national  identification  system  created  by  the  State-to-State 
data  exchange,  two  of  four  verification  systems  required  are  not  fully  deployed 
nationwide  and  third  does  not  even  exist.  The  database  systems  the  States  are 
required  to  verify  applicant  information  against  are:  (1)  Electronic  Verification  of 
Vital  Events  ("EWE"),  for  birth  certificate  verification;  (2)  Social  Security  On- 
Line  Verification  ("SSOLV"),  for  Social  Security  Number  verification;  (3) 
Systematic  Alien  Verification  for  Entitlements  ("SAVE"),  for  immigrant  status 
verification;  and  (4)  an  as-yet  uncreated  Department  of  State  system  "to  verify 


EPIC 


7 


May  2008 


REAL  ID  Implementation  Review:  Few  Benefits,  Staggering  Costs 


passports,  U.S.  visas,  and  other  information  held  by  the  Department  of  State," 
such  as  Consular  Reports  of  Birth,  and  Certifications  of  Report  of  Birth.60 

When  the  draft  regulations  were  released,  the  only  system  that  was 
available  for  nationwide  deployment  is  SSOLV,  and  a  survey  of  States  by  the 
National  Governors  Association  found  that  even  this  database  would  need 
substantial  improvements  to  be  able  to  handle  the  workload  that  would  be 
needed  under  REAL  ID.61  SSOLV  depends  on  data  gathered  in  a  system  whose 
mistakes  are  well-known,  the  Numerical  Identification  File  ("NUMIDENT").62 
The  Social  Security  Administration's  Inspector  General  estimated  that  about  17.8 
million  records  in  the  NUMIDENT  have  discrepancies  with  name,  date  of  birth 
or  death,  or  citizenship  status.63  About  13  million  of  these  incorrect  records 
belong  to  U.S.  citizens.64 

Federal  reviews  have  found  such  data  "seriously  flawed  in  content  and 
accuracy."65  In  an  October  opinion  granting  a  temporary  restraining  order 
enjoining  the  Department  of  Homeland  Security  from  implementing  a  new  "no¬ 
match"  employment  eligibility  verification  proposal,  the  federal  judge  noted  "the 
government  recognizes,  the  no-match  letters  are  based  on  SSA  records  that 
include  numerous  errors."66  In  the  final  rule.  Department  of  Homeland  Security 
admits  there  are  accuracy  and  reliability  problems  in  SSOLV  said  that  it, 
AAMVA,  and  the  States  are  working  with  SSA  to  attempt  to  solve  these 
problems.67 

In  the  draft  regulations,  DHS  revealed  "that  only  20  States  are  using 
SAVE,  and  that  the  planned  connection  between  SAVE  and  another  database  for 
foreign  student  status  verification  (Student  and  Exchange  Visitor  Information 
System,  "SEVIS")  may  not  be  completed  by  the  implementation  deadline  of  May 
2008. "68  Now,  Department  of  Homeland  Security  claims  "a  majority"  of  States 
are  enrolled  in  SAVE,  but  that  it  is  still  "working  to  modify  the  system"  so  that 
States  can  use  it  to  implement  the  REAL  ID  national  identification  system  69  The 
agency  also  says  that  the  planned  connection  between  SAVE  and  SEVIS  has  not 
been  completed.70 

EWE  is  currently  in  pilot  phase  and  only  11  States  are  participating,  an 
increase  of  six  more  than  the  five  States  that  were  participating  in  May  2007.71  In 
the  draft  regulations,  the  Department  of  Homeland  Security  based  its 
requirements  on  the  assumption  that  EWE  would  be  ready  for  nationwide 
expansion  by  the  implementation  deadline  of  May  11,  2008.72  Now,  DHS  admits, 
"the  EWE  system  is  not  ready  for  full  implementation.  The  final  rule  provides 
for  additional  time  for  States  to  implement  EWE  or  another  system  that 
provides  for  the  verification  of  birth  records."73  DHS  burdens  the  States  by 
requiring  that  the  States  either  use  a  system  that  the  agency  admits  is  not  ready 
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for  full  deployment  or  the  States  themselves  must  create  such  a  complex  and 
costly  system. 

In  the  draft  regulations,  DHS  required  that  the  States  use  a  State 
Department  system  to  verify  passports  and  some  reports  of  births  that  was  not 
yet  created.  The  agency  based  this  mandate  on  the  assumption  that  the  system 
"is  eventually  developed."74  In  the  final  rule,  DHS  admits  the  system  still  does 
not  exist  and  says  it  is  working  "to  provide  a  capability  to  verify  passports,  U.S. 
visas,  and  other  information  held  by  the  Department  of  State."75 

DHS  states  in  the  final  rule  that  "States  cannot  and  will  not  be  required  to 
use  systems  that  are  not  fully  operational  and  available  for  use,"  yet  the  agency 
then  details  mandates  for  the  States  to  use  systems  that  are  not  fully  operational 
and  available  for  use.76  It  is  clear  that  the  agency  has  not  solved  the  significant 
problems  with  its  verification  databases  and  has  ensured  that  even  States  that 
wish  to  implement  REAL  ID  will  confront  substantial  obstacles  and  may  not  be 
able  to  do  so. 

There  is  a  further  problem  with  the  revised  verification  procedures:  the 
Department  of  Homeland  Security  anticipates  that  State  DMV  employees  will 
become  Federal  immigration  officials.77  The  Department  of  Homeland  Security 
has  not  adequately  addressed  these  problems  in  its  final  rule  for  the 
implementation  of  the  REAL  ID  national  identification  system. 

Under  the  final  rule.  State  DMV  employees  would  still  be  required  to 
verify  REAL  ID  national  identification  card  applicants'  source  documents.  DHS 
defined  "verification"  as  "two  interrelated  procedures:  (1)  inspection  to  see  if  the 
document  is  genuine  and  has  not  been  altered,  and  (2)  checking  to  see  that  the 
identity  data  on  the  document  is  valid."78 

Under  the  final  regulations,  the  source  documents  that  would  be  accepted 
by  the  States  to  issue  these  new  identity  cards  would  be:  (1)  valid  unexpired  U.S. 
passport;  (2)  certified  copy  of  a  birth  certificate;  (3)  consular  report  of  birth 
abroad;  (4)  unexpired  permanent  resident  card;  (5)  unexpired  employment 
authorization  document;  (6)  unexpired  foreign  passport  with  valid  U.S.  visa 
affixed  and  "the  approved  1-94  form  documenting  the  applicant's  most  recent 
admittance  into  the  United  States";  (7)  U.S.  certificate  of  naturalization;  (8)  U.S. 
certificate  of  citizenship;  or  (9)  REAL  ID  driver's  license  or  identification  card 
issued  in  compliance  with  the  final  regulations.79  As  we  noted  above,  in  the  final 
regulations,  the  agency  "has  added  a  provision  that  would  allow  DHS  to  change 
the  list  of  documents  acceptable  to  establish  identity  following  publication  of  a 
notice  in  the  Federal  Register."80  Therefore,  the  document  verification 
requirements  could  become  even  more  burdensome  for  State  DMV  employees. 
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State  DMV  employees  would  be  required  to  verify  these  source 
documents,  including  Federal  immigration  documents,  though  this  is  a  complex 
and  confusing  area  of  law.  In  the  draft  regulations,  DHS  sought  to  solve  this 
problem  by  requiring  that  DMV  employees  handling  source  documents  undergo 
12  hours  of  "fraudulent  document  recognition"  training.81  The  final  rule 
mandates  "Fraudulent  document  recognition  training  for  all  covered  employees 
handling  source  documents  or  engaged  in  the  issuance  of  driver's  licenses  and 
identification  cards."82 

A  Government  Accountability  Office  review  of  the  Social  Security 
Administration  found  that  staff  had  difficulty  recognizing  counterfeit 
documents,  though  it  is  their  primary  job  to  verify  these  documents  before 
issuing  Social  Security  numbers.83  For  example,  the  Government  Accountability 
Office  reported  difficulty  with  detection  of  fraudulent  birth  certificates.  In  one 
case,  a  fake  in-State  birth  certificate  was  detected,  but  "SSA  staff  acknowledged 
that  if  a  counterfeit  out-of-State  birth  certificate  had  been  used,  SSA  would  likely 
have  issued  the  SSN  because  of  staff  unfamiliarity  with  the  specific  features  of 
numerous  State  birth  certificates."84 

We  reiterate  what  we  said  in  our  May  2007  comments,  "It  is  questionable 
how  well  State  DMV  employees  would  be  able  to  spot  fraudulent  documents, 
especially  documents  as  rarely  seen  as  consular  reports  of  birth  abroad  [...]  when 
it  is  difficult  for  counterfeit  documents  to  be  spotted  by  federal  employees  whose 
primary  job  is  verification  of  source  documents."85  It  still  remains  unclear  would 
happen  if  a  State  DMV  employee  determines  that  an  applicant's  source 
documents  are  fraudulent:  What  recourse  would  the  applicant  have  to  prove  her 
documents  are  real?  In  the  final  regulations,  the  Department  of  Homeland 
Security  again  has  punted  its  Privacy  Act  obligations,  including  appropriate 
redress  procedures. 

III.  Homeland  Security  Has  Abdicated  Its  Responsibility  to 
Protect  Individual  Privacy 

The  Department  of  Homeland  Security  has  stated  that  it  is  constrained  in 
its  power  to  protect  the  privacy  of  individuals  and  their  data  under  the  REAL  ID 
Act.  The  agency  claimed  in  the  draft  regulations  that,  "The  Act  does  not  include 
statutory  language  authorizing  DHS  to  prescribe  privacy  requirements  for  the 
state-controlled  databases  or  data  exchange  necessary  to  implement  the  Act."86 
We  agree  with  Sen.  Joseph  Lieberman,  who  said,  "The  concept  that  federal 
agencies  need  explicit  Congressional  authorization  to  protect  Americans'  privacy 
is  just  plain  wrong.  In  fact,  our  government  is  obligated  to  ensure  that  programs 
and  regulations  do  not  unduly  jeopardize  an  individual's  right  to  privacy."87 
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The  final  regulations  create  a  national  identification  system  that  affects  245 
million  license  and  cardholders  nationwide,  yet  DHS  is  hesitant  to  ensure  strong 
privacy  safeguards  in  the  system  itself.  The  agency  has  the  obligation  to  protect 
the  privacy  of  individuals  affected  by  this  system  and  must  do  more  than  the 
feeble  attempts  set  out  in  the  draft  regulations. 

The  Privacy  Act  of  1974  applies  to  the  entire  national  identification  system 
under  guidelines  set  out  by  the  Office  of  Management  and  Budget  ("OMB")  and 
the  Department  of  Homeland  Security  itself.88  The  OMB  guidelines  explain  that 
the  Privacy  Act  "stipulates  that  systems  of  records  operated  under  contract  or,  in 
some  instances,  State  or  local  governments  operating  under  Federal  mandate  'by 
or  on  behalf  of  the  agency  ...  to  accomplish  an  agency  function'  are  subject  to  . . . 
the  Act."89  The  guidelines  also  explain  that  the  Privacy  Act  "make[s]  it  clear  that 
the  systems  'maintained'  by  an  agency  are  not  limited  to  those  operated  by 
agency  personnel  on  agency  premises  but  include  certain  systems  operated 
pursuant  to  the  terms  of  a  contract  to  which  the  agency  is  a  party."90  The  REAL 
ID  system  is  operated  under  a  Federal  mandate  to  accomplish  several  agency 
functions,  including  immigration  control. 

The  REAL  ID  system  is  covered  by  the  Privacy  Act  under  the  Department 
of  Homeland  Security's  own  policies.  In  a  policy  guidance  memorandum  from 
the  agency's  Privacy  Office,  "DHS  Information  Systems"  is  defined  as  "an 
Information  System  operated,  controlled,  or  directed  by  the  U.S.  Department  of 
Homeland  Security.  This  definition  shall  include  information  systems  that  other 
entities,  including  private  sector  organizations,  operate  on  behalf  of  or  for  the 
benefit  of  the  Department  of  Homeland  Security."91  The  national  system  of 
interconnected  State  databases  is  "operate[d]  on  behalf  of  or  for  the  benefit"  of 
DHS.  The  Privacy  Office  also  states: 

As  a  matter  of  DHS  policy,  any  personally  identifiable  information  (PII) 
that  is  collected,  used,  maintained,  and/or  disseminated  in  connection 
with  a  mixed  system  by  DHS  shall  be  treated  as  a  System  of  Records 
subject  to  the  Privacy  Act  regardless  of  whether  the  information  pertains 
to  a  U.S.  citizen.  Legal  Permanent  Resident,  visitor,  or  alien.92 

If  the  Department  of  Homeland  Security  creates  this  system,  the  agency 
must  fully  apply  Privacy  Act  requirements  of  notice,  access,  correction,  and 
judicially  enforceable  redress  to  the  entire  REAL  ID  national  identification 
system.  The  final  regulations  conclude  that  individuals  should  attempt  to 
exercise  their  rights  to  notice,  access,  correction  and  redress  through  State  DMVs, 
the  Social  Security  Administration,  the  Department  of  State,  and  the  U.S. 
Citizenship  and  Immigration  Service  (a  part  of  the  Department  of  Homeland 
Security).93 
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Once  again,  the  Department  of  Homeland  Security  has  punted  the  issue  of 
privacy  to  the  States,  but  the  agency  needs  to  lead.  Various  questions  remain, 
including  important  ones  concerning  redress.  How  will  redress  be  adjudicated  if 
one  State  includes  erroneous  information  in  an  individual's  file  and  passes  that 
information  on  to  another  State?  Will  the  individual  have  to  petition  both  States 
separately  for  redress?  Will  neither  State  process  the  redress,  because  each 
believes  it  to  be  the  responsibility  of  the  other?  The  right  of  redress  must  be 
judicially  enforceable.  The  Privacy  Act  protections  must  be  mandated  in  the 
REAL  ID  implementation  regulations  in  order  for  the  Department  of  Homeland 
Security  to  fulfill  its  obligations. 

A.  Unfettered  Access  to  2D  Barcode  Data  Threatens  Individual  Privacy 

There  are  significant  threats  to  individual  privacy  and  security  that  would 
be  created  by  unfettered  access  to  REAL  ID  national  identification  system  data.94 
Some  of  the  problems  are  based  on  the  design  of  the  card  and  the  safeguards  for 
the  underlying  databases.  Though  the  Department  of  Homeland  Security  has 
made  some  changes  in  the  final  rule,  substantial  problems  remain. 

Under  REAL  ID,  the  following  data  elements,  at  a  minimum,  must  be  on 
the  REAL  ID  card:  (1)  full  legal  name;  (2)  date  of  birth;  (3)  gender;  (4)  driver's 
license  or  identification  card  number;  (5)  digital  photograph  of  the  person;  (6) 
address  of  principal  residence;  (7)  signature;  (8)  physical  security  features;  (9)  a 
common  machine  readable  technology,  with  defined  minimum  data  elements; 
and,  (10)  card  issuance  and  expiration  dates.95  The  REAL  ID  card  will  include  a 
2D  barcode  as  its  machine-readable  technology,  which  will  include  elements  1 
through  7  and  10,  with  these  notations,  "(b)  Full  legal  name,  unless  the  State 
permits  an  applicant  to  establish  a  name  other  than  the  name  that  appears  on  a 
source  document,  pursuant  to  Sec.  37.11(c)(2)";  "(f)  Address  as  listed  on  the  card 
pursuant  to  Sec.  37.17(f)";  "(h)  Card  design  revision  date,  indicating  the  most 
recent  change  or  modification  to  the  visible  format  of  the  driver's  license  or 
identification  card";  "(i)  Inventory  control  number  of  the  physical  document"; 
and,  "(j)  State  or  territory  of  issuance."96 

We  support  the  Department  of  Homeland  Security  in  its  rejection  of  radio 
frequency  identification  (RFID)  technology  as  the  machine-readable  technology 
for  the  REAL  ID  national  identification  card.  Multiple  reports,  including  the 
recommendations  of  the  Department's  own  Data  Privacy  and  Integrity  Advisory 
Committee,  made  clear  that  RFID  should  not  be  used  for  human  identification.97 
However,  the  Department's  decision  to  leave  the  2D  barcode  unencrypted 
creates  unnecessary  security  risks.98  In  doing  so,  the  Department  of  Homeland 
Security  rejects  the  advice  of  independent  privacy  and  security  experts  and  the 
agency's  own  Privacy  Office.  The  DHS  Privacy  Office  supported  encryption 
"because  2D  bar  code  readers  are  extremely  common,  the  data  could  be  captured 
from  the  driver's  licenses  and  identification  cards  and  accessed  by  unauthorized 
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third  parties  by  simply  reading  the  2D  bar  code  on  the  credential"  if  the  data  is 
left  unencrypted.99 

There  are  many  examples  of  unauthorized  users  being  able  to  download 
data  from  unencrypted  machine-readable  technology.100  One  case  involved  New 
York  prosecutors  charging  13  people  with  harvesting  data  from  unencrypted, 
machine-readable  credit  cards  and  clubs  downloading  all  data  contained  on 
unencrypted  State  licenses.101  To  protect  privacy  and  improve  security,  this 
machine-readable  technology  must  either  include  encryption  or  access  must  be 
limited  in  some  other  form.  As  we  explained  earlier,  "Leaving  the  machine 
readable  zone  open  would  allow  unfettered  third-party  access  to  the  data  and 
leave  245  million  license  and  cardholders  nationwide  at  risk  for  individual 
tracking."102 

The  Department  of  Homeland  Security  rejected  encryption  in  the  final 
rule  because  of  "the  complexities  and  costs  of  implementing  an  encryption 
infrastructure."103  We  anticipated  this  and  detailed  a  privacy-protective 
alternative  to  encryption,  yet  the  agency  did  not  take  this  path  either.  We  said: 

We  suggest  that  no  personal  data  be  placed  on  the  machine  readable  zone. 
Instead,  place  a  new  identifier  that  is  unused  elsewhere  (i.e.r  not  the 
driver's  license  number  or  Social  Security  Number).  This  unique  identifier 
will  "point"  to  the  records  in  the  national  database.  Access  to  the  database 
can  be  controlled  by  password  and  encryption  security,  because  it  is  easier 
to  regulate  public  keys  in  this  scenario.  Also,  the  State  should  ensure  that 
a  new  unique  identifier  is  created  each  time  the  machine  readable  zone  is 
renewed  or  reissued,  in  order  to  make  the  identifier  less  useful  as  an 
everyday  ID  number  -  people  would  not  be  forever  linked  to  this 
identifier.  This  approach  would  improve  data  security  and  privacy.104 

Instead  of  accepting  this  simple,  privacy-protective  suggestion,  the  Department 
of  Homeland  Security  chose  to  require  that  a  great  deal  of  personal  data  be 
stored  on  the  2D  barcode. 

DHS  is  required  to  include  security  protections  on  the  REAL  ID  card. 
Under  the  REAL  ID  Act,  the  card  must  include  "(8)  Physical  security  features 
designed  to  prevent  tampering,  counterfeiting,  or  duplication  of  the  document 
for  any  fraudulent  purpose."105  The  agency  has  this  obligation  and  it  should  not 
abdicate  this  responsibility.  If  DHS  does  not  seek  to  limit  access  to  the  data  on 
the  REAL  ID  card,  then  it  is  signaling  that  it  is  acceptable  for  third  parties  to 
download,  access  and  store  data  for  purposes  beyond  the  three  official  purposes. 

Rejecting  encryption  for  the  2D  barcode  helps  to  push  the  REAL  ID 
system  into  "widespread"  use  in  everyday  life,  a  goal  that  DHS  Secretary 
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Chertoff  and  the  DHS  final  rule  itself  expect  and  support.  Such  an  expansion 
would  harm  both  individual  privacy  and  security  and  quickly  turn  the  United 
States  into  a  country  where  the  REAL  ID  national  identification  card  is 
involuntarily  carried  by  everyone. 

B.  REAL  ID  Increases  Both  Insider  and  Outsider  Threats 

Under  REAL  ID,  the  government  would  have  easy  access  to  an  incredible 
amount  of  personal  data  stored  in  one  national  database  (or,  according  to  the 
final  regulation  from  Department  of  Homeland  Security,  56  State  and  Territory 
databases,  each  of  which  can  access  all  others  through  a  "hub" -based 
network).106  As  it  did  in  the  draft  regulations,  in  the  final  regulations  DHS  claims 
that  it  is  not  expanding  data  collection  and  retention,  but  it  is  enlarging  schedules 
and  procedures  for  retention  and  distribution  of  identification  documents  and 
other  personal  data.  This  broad  expansion  of  data  collection  and  retention  in  a 
national  database  creates  significant  threats  to  privacy  and  security. 

The  Department  of  Homeland  Security  justifies  the  expanded  data 
collection  on  the  misleading  representations  that  1)  "most  States"  already  gather, 
retain  and  distribute  such  extensive  personal  data  and  documents,  and  2)  the 
REAL  ID  national  identification  system  does  not  give  States  or  the  Federal 
government  greater  access  to  sensitive  personal  data  and  documents  than 
before.107  The  REAL  ID  national  identification  system  mandates  increased  data 
gathering,  retention  and  distribution,  as  well  as  massively  expanding  the  Federal 
and  State  access  to  this  data.  The  personal  data  of  245  million  State  license  and  ID 
cardholders  would  be  accessible  from  a  massive  number  of  DMVs  across  the 
country. 

Consolidating  identity  through  a  single  document  increases  risks  when 
the  document  is  compromised.  It  would  be  as  if  you  used  one  key  to  open  your 
house,  your  car,  your  safe  deposit  box,  your  office,  and  more.108  "Perversely  -  a 
harder-to-forge  card  makes  subverting  the  system  even  more  valuable.  Good 
security  doesn't  try  to  divine  intentionality  from  identification,  but  instead 
provides  for  broad  defenses  regardless  of  identification,"  such  as  airport 
screening,  walls  and  door  locks,  security  expert  Bruce  Schneier  has  said.109 

There  are  a  number  of  "insider"  and  "outsider"  threats  to  the  massive 
identification  database  connecting  56  States  and  territories.  Creating  a  national 
identification  database  containing  personal  data  of  245  million  State  license  and 
ID  cardholders  nationwide,  one  that  would  be  accessible  from  a  massive  number 
of  DMVs  across  the  country,  is  an  invitation  for  all  criminals  -  whether  identity 
thieves  or  terrorists  -  to  break  into  just  one  of  these  entrance  points  to  gather 
such  data  for  misuse. 
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Such  a  system  would  also  be  at  risk  of  abuse  from  authorized  users,  such 
as  DMV  employees,  who  are  bribed  or  threatened  into  changing  the  system  data 
or  issuing  "authentic"  national  identification  cards.  It  is  appropriate  to  note  here 
that,  on  the  day  that  DHS  released  the  final  regulations  for  REAL  ID,  "A 
Maryland  Motor  Vehicle  Administration  employee  [...]  and  four  others  were 
indicted  [  ]  on  charges  that  they  made  and  sold  fake  State  driver's  licenses  and 
identification  cards  in  exchange  for  money."110 

Identity  theft  is  a  large  and  growing  problem.  A  Federal  Trade 
Commission  report  estimated  8.3  million  victims  in  2005  (the  last  year  for  which 
numbers  are  available).111  Serious  cases  of  identity  theft  cost  victims  $1,200  - 
$2,500.112  In  10  percent  of  new  account  frauds,  victims  incurred  at  least  $3,000  in 
out-of-pocket  expenses.113  Domestic  violence  survivors  are  particularly 
vulnerable  because  their  economic  situation  may  be  more  precarious  than 
average,  and  they  may  have  greater  need  for  unsullied  credit  as  they  attempt  to 
create  independent  economic  lives. 

Large-scale  data  breaches  have  occurred  in  State  DMVs  across  the 
country;  if  the  databases  are  linked  under  REAL  ID,  these  breaches  will  only 
grow  in  scale.  The  Oregon  DMV  lost  half  a  million  records  in  2005. 114  Also  that 
year,  in  Georgia,  a  dishonest  insider  exposed  465,000  records.115  In  2006,  a 
computer  with  the  personal  data  of  16,000  individuals  was  stolen  from  a  North 
Carolina  DMV.116  The  list  goes  on,  and  the  personal  information  of  individuals 
will  be  endangered  under  the  REAL  ID  national  identification  system. 

Domestic  violence  survivors  are  particularly  vulnerable.  Domestic 
violence  survivors  who  flee  their  abusers,  crossing  into  different  States,  would  be 
exposed  if  their  abuser  breaches  the  security  of  any  one  of  these  56 
interconnected  databases.  "An  abuser  with  an  associate  inside  a  State  DMV,  law 
enforcement,  or  other  agency  with  access  to  the  State  records  would  be  able  to 
track  a  victim  as  the  victim  moves  across  the  country."117 

Intentional  breaches  by  outsiders  or  authorized  insiders  abusing  their 
power  would  also  have  a  wider  scope  under  the  Department  of  Homeland 
Security's  REAL  ID  national  identification  system.  Past  abuses  exemplify  what 
can  be  expected  in  a  nationwide  scale.  For  example,  in  September,  a  former 
Department  of  Commerce  agent  was  indicted  and  charged  with  using  a  federal 
database  to  stalk  a  former  girlfriend  and  her  family.118  While  employed  at  the 
Commerce  Department,  the  agent  is  alleged  to  have  accessed  the  system  at  least 
163  times  during  a  10-month  period.119  In  Arizona,  a  police  officer  admitted 
accessing  motor  vehicle  records  to  find  personal  information  on  women  he  was 
romantically  interested  in,  as  well  as  co-workers.120 
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The  danger  of  negligent  and  accidental  disclosures  is  increased  by  REAL 
ID,  as  substantially  more  government  employees  will  have  access  to  all  motor 
vehicle  records  nationwide.  One  example  of  accidental  disclosure  occurred  in 
Wisconsin  in  2007  -  a  police  officer  disclosed  a  victim's  address,  found  in  a  DMV 
record  to  a  stalker;  the  officer  did  not  know  that  the  victim  had  a  restraining 
order  against  this  man.121  This  sort  of  inadvertence  will  happen  much  more 
frequently  in  a  post-REAL  ID  world  as  the  access  to  driver's  license  information 
is  spread  throughout  the  national  identification  system. 

C.  Background  Check  Procedures  Fail  to  Address  Insider  Threat  Problems 

The  Department  of  Homeland  Security  requires  certain  government 
employees  undergo  criminal  history  background  checks  and  list  particular 
offenses  that  would  disqualify  an  individual  from  specific  jobs  related  to  the 
REAL  ID  national  identification  system.122  In  the  draft  regulations,  DHS  said 
employees  who  had  to  undergo  these  checks  would  be  limited  to  those  who 
could  affect  the  recording  of  information,  the  manufacture  of  REAL  ID  cards,  or 
the  information  displayed  on  a  card.123  Employees  who  could  access  the  record 
information  without  the  ability  to  edit  it  are  not  subject  to  the  background  check 
requirement. 

EPIC  explained  in  our  May  2007  comments,  "This  massive  loophole 
greatly  increases  the  security  and  privacy  risks  of  domestic  violence  and  sexual 
abuse  victims,  as  significant  damage  can  be  done  by  unauthorized  data 
disclosure."124  We  proposed  that  "the  broad  category  of  those  who  have  access  to 
records  should  be  shrunk,  rather  than  increasing  the  category  of  those  who  are 
covered  by  the  background  check  requirement"  in  order  to  safeguard  against 
these  threats.125  However,  the  final  rule  did  not  use  this  proposal. 

In  the  draft  regulations,  the  suitability  criteria  of  the  background  check 
did  not  match  the  threat  of  stalkers  and  abusers.  DHS  proposed  using  the 
permanent  and  interim  disqualifying  criteria  in  the  Transportation  Security 
Administration's  background  checks  for  maritime  and  land  transportation 
security  at  49  C.F.R.  1572.103.126  The  offenses  include  espionage,  sedition, 
treason,  making  bomb  threats,  and  crimes  involving  transportation  security 
incidents.127  Some  of  the  offenses,  such  as  fraud  and  misrepresentation  - 
including  identity  fraud  -  are  relevant  to  the  risks  of  improper  disclosure  and 
access  to  the  records.128  However,  crimes  such  as  stalking,  surveillance, 
harassment  and  domestic  abuse  are  not  in  this  list. 

Recognizing  the  risk  of  improper  access  to  the  record  system,  EPIC 
recommended  that,  "these  crimes  must  be  added  to  the  list  of  disqualifying 
offenses,  so  that  the  REAL  ID  system  does  not  create  a  loophole  permitting 
abusers  access  to  a  national  database  that  would  allow  them  to  track  their  victims 
no  matter  where  the  victims  moved."129  The  Department  of  Homeland  Security 
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did  not  add  these  offenses,  allowing  even  convicted  abusers  the  opportunity  to 
access  to  the  massive  national  database  created  under  REAL  ID.130 

D.  Final  Rule  Includes  Marginal  Improvements  for  Address  Confidentiality 
and  Name  History  Problems 

Many  States  have  created  formal  Address  Confidentiality  Programs  and 
also  provided  general  measures  of  residential  address  privacy,  but  these 
protections  would  be  removed  by  the  draft  regulations.131  The  final  rule 
improves  on  some  of  the  address  confidentiality  provisions  of  the  proposed  rule, 
but  the  subject  of  addresses  in  the  national  ID  database  is  treated  in  contradictory 
manners  in  different  parts  of  the  final  rule. 

The  REAL  ID  Act  requires  that  driver's  licenses  include  a  person's 
"address  of  principle  residence."132  This  requirement  effectively  destroys  State 
address  confidentiality  programs.  The  Violence  Against  Women  and  Department 
of  Justice  Reauthorization  Act  ("VAWA")  included  a  requirement  for  DHS  to 
"consider  and  address"  the  needs  of  certain  groups  when  the  agency  is 
"developing  regulations  or  guidance  with  regard  to  identification  documents, 
including  driver's  licenses."133  These  groups  include  domestic  violence  and 
sexual  assault  victims  who  are  entitled  to  be  enrolled  in  State  address 
confidentiality  programs;  whose  addresses  are  entitled  to  be  suppressed  via 
court  order  or  State  or  Federal  law;  or  whose  information  is  protected  from 
disclosure  according  to  Section  384  of  the  Illegal  Immigration  Reform  and 
Immigrant  Responsibility  Act  1996. 134 

In  the  final  rule,  the  Department  of  Homeland  Security  includes  more 
exemptions  and  extends  them  to  the  unencrypted  machine-readable  zone.  Now 
exempt  are  individuals  for  whom  State  law,  regulation,  or  DMV  procedure 
permits  display  of  an  alternative  address.135  This  exemption  includes  States  that 
generally  permit  a  mailing  address  to  be  displayed  on  the  card.  Individuals  who 
are  enrolled  in  address  confidentiality  programs,  who  have  their  information 
suppressed  by  court  orders  (including  administrative  orders),  and  those  who  are 
also  protected  by  Section  384  of  the  Illegal  Immigration  Reform  and  Immigrant 
Responsibility  Act  of  1996  may  also  use  an  alternative  address.136  The 
unencrypted  machine-readable  zone  requires  the  "address  as  listed  on  the  card 
pursuant  to  §  37.17(f)"  which  includes  the  alternative  address  provisions.137 
Further,  the  final  regulations  require  two  documents  that  show  "address  of 
principle  residence"  but  exempt  street  addresses  pursuant  to  §  37.17(f),  the 
section  on  that  regulates  address  confidentiality.138 

The  agency's  comments  to  the  final  rule  state,  "true  addresses  must  be 
captured  and  stored  in  a  secure  manner  in  the  DMV  database  even  if  an  alternate 
address  appears  on  the  face  and  MRZ  portions  of  the  driver's  license  or 
identification  card."139  However,  the  actual  regulation  that  describes  the  design 
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of  the  national  identification  database,  §  37.33,  does  not  appear  to  incorporate 
these  requirements.  Under  §  37.33  the  database  must  contain: 

(1)  All  data  fields  printed  on  driver's  licenses  and  identification  cards 
issued  by  the  State,  individual  serial  numbers  of  the  card,  and  SSN; 

(2)  A  record  of  the  full  legal  name  and  recorded  name  established  under 
Sec.  37.11(c)(2)  as  applicable,  without  truncation; 

(3)  All  additional  data  fields  included  in  the  MRZ  but  not  printed  on  the 
driver's  license  or  identification  card;  and 

(4)  Motor  vehicle  driver's  histories,  including  motor  vehicle  violations, 
suspensions,  and  points  on  driver's  licenses.140 

The  gathering,  retention  and  distribution  of  addresses  in  the  databases  are 
unclear,  as  the  Department  of  Homeland  Security  has  made  contradictory 
statements. 

Though  the  treatment  of  name  history  is  improved  in  the  final  rule,  a 
significant  problem  remains.  Name  histories  may  be  kept  in  motor  vehicle 
databases  and  thus  exposed  to  security  breaches  by  insiders  with  access  or 
outsiders  who  break  into  any  one  of  the  many  DMVs  across  the  country  with 
access  to  the  national  database. 

The  final  rule  allows  State  law  or  regulation  to  permit  the  use  of  a  name 
other  than  the  one  on  the  source  documents.141  The  State  may  itself  determine 
what  evidence  is  needed  for  it  to  accept  the  name  if  it  differs  from  source 
documents.142  Further,  the  name  difference  from  the  source  document  must  be 
recorded.143  The  final  regulations  also  permit  the  name  on  the  face  of  the  card 
and  in  the  machine-readable  zone  to  deviate  from  the  name  on  source 
documents.144  These  are  all  improvements  over  the  draft  regulations. 

However,  the  final  rule  for  implementation  of  the  REAL  ID  system  still 
contains  a  problematic  name  history  provision.  The  DMV  database  is  required  to 
have  "a  record  of  the  full  legal  name  and  recorded  name  established  under 
§37.1 1(c) (2)  as  applicable,  without  truncation."145  This  record  includes  copies  of 
source  documents  and  any  evidence  of  a  name  change.146  Such  data  gathering, 
retention  and  distribution  would  leave  a  trail  for  abusers  to  follow. 

IV.  REAL  ID  System  Creates  New  National  Security  Risks 

The  Department  of  Homeland  Security  continues  to  claim  that  the 
national  identification  system  created  under  the  REAL  ID  scheme  will  improve 
national  security.  When  releasing  the  final  rule  in  January,  Secretary  Chertoff 
said,  "secure  identification  is  an  essential  way  of  ensuring  that  people  are  who 
they  say  they  are.  And  therefore  this  kind  of  identification  gives  us  a  tremendous 
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tool  in  preventing  dangerous  people  from  getting  on  airplanes  or  getting  into 
federal  buildings."147  Yet  there  is  a  multitude  of  evidence  that  Secretary  Chertoff 
is  wrong  -  including  evidence  from  the  9/11  Commission. 

DHS's  national  security  rationale  has  always  been  confusing  and  has  not 
changed  since  the  draft  regulations  were  released  in  March  2007.  Our  May  2007 
comments  included  a  detailed  debunking  of  the  Department  of  Homeland 
Security's  mystifying  quantitative  risk  assessment.148  The  agency  claimed  this 
assessment  proved  the  need  for,  cost-effectiveness  of,  and  security  advantages  of 
the  REAL  ID  national  identification  system.149  Yet ,  DHS  admitted  at  the  time, 
"REAL  ID  is  highly  unlikely  to  impact  the  consequences  of  a  successful  attack, 
but  it  may  impact,  on  the  margin,  the  chance  of  a  terrorist  attack  being  attempted 
and  succeeding."150  DHS  attempted  to  determine  the  marginal  chance  that  REAL 
ID  will  lessen  the  chance  of  success  or  discourage  the  attempt  of  a  terrorist 
attack,  using  a  number  of  faulty  assumptions. 

In  the  final  regulations,  the  Department  of  Homeland  Security  again 
attempts  a  national  security  rationale,  stating: 

Under  this  final  rule,  it  will  be  significantly  more  difficult  for  an 
individual  to  use  a  false  name  or  provide  fraudulent  documents  to  obtain 
an  identification  that  can  be  used  for  purposes  of  boarding  a  commercial 
airplane.  Therefore,  the  final  rule  makes  it  less  likely  that  a  terrorist  could 
circumvent  watch-list  screening  processes  and  security  procedures  (as 
upgraded  or  developed  post-9/11)  and  board  a  commercial  airplane.151 

However,  in  the  final  rule,  the  Department  of  Homeland  Security  includes  an 
exception  that  completely  undercuts  the  supposed  security  rationale  for  the 
creation  of  this  national  identification  system.  In  the  final  rule,  the  Department  of 
Homeland  Security  allows  individuals  to  show  their  foreign  passport  in  place  of 
REAL  ID  card  or  other  US-issued  identification  document.152  Criminals  who  do 
not  wish  to  go  through  the  cumbersome  REAL  ID  process  could  merely  go  to 
any  number  of  foreign  countries  and  obtain  (whether  legally  or  illegally)  a 
passport  that  would  "prove"  their  identity  as  a  "trusted"  individual,  one  whose 
name  is  not  on  any  watch  lists. 

All  of  the  9/11  hijackers  could  have  boarded  commercial  flights  or  entered 
federal  buildings  under  the  REAL  ID  scheme  because  each  hijacker  had  a  foreign 
passport,  according  to  the  9/11  Commission  Report.153  In  fact,  "potential 
hijackers  [were  told]  to  acquire  new  'clean'  passports  in  their  home  countries 
before  applying  for  a  U.S.  visa.  This  was  to  avoid  raising  suspicion  about 
previous  travel  to  countries  where  al  Qaeda  operated,"  said  the  Commission.154 
The  9/11  Commission  in  2004  detailed  the  problem  with  the  national  security 
rationale  that  DHS  continues  to  use  in  2008. 
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Also,  note  that  the  Department  of  Homeland  Security  says  in  the  final  rule 
that  it  will  be  "significantly  more  difficult,"  but  not  impossible,  "for  an 
individual  to  use  a  false  name  or  provide  fraudulent  documents  to  obtain  an 
identification."  This  is  the  reason  that  any  national  identification  system  is 
fundamentally  flawed:  Individuals  are  told  to  "trust"  the  national  ID  card,  but  it 
is  still  possible  to  create  a  fake  card,  so  one  cannot  rely  on  the  national 
identification  system  to  "prove"  an  individual  is  who  she  says.  Contrary  to  the 
Department  of  Homeland  Security's  claims,  this  system  harms  our  national 
security  by  creating  another  "trusted"  path  for  criminals  to  exploit. 

V .  States  Oppose  N ation al  I D  System 

Since  the  passage  of  the  REAL  ID  Act  in  2005,  a  number  of  States  have 
passed  legislation  rejecting  the  national  identification  system.  On  January  18, 
Montana  governor  Brian  Schweitzer  wrote  to  the  governors  of  17  States  asking 
them  to  join  him  in  rejecting  the  REAL  ID  system.155  "Today,  I  am  asking  you  to 
join  with  me  in  resisting  the  DHS  coercion  to  comply  with  the  provisions  of 
REAL  ID,"  Gov.  Schweitzer  wrote.  "1  would  like  us  to  speak  with  one,  unified 
voice  and  demand  the  Congress  step  in  and  fix  this  mess."156 

Four  states  (Maine,  Montana,  New  Hampshire  and  South  Carolina)  have 
expressly  rejected  the  system  and  none  asked  for  an  extension.  After  much 
posturing,  DHS  gave  extensions  to  all  States,  even  though  some  said  they  would 
never  implement  REAL  ID,  because  their  legislatures  have  passed  laws  banning 
the  national  identification  system.157 

In  the  final  regulations  released  in  January,  the  Department  of  Homeland 
Security  set  an  extension  request  deadline  of  March  31,  2008.158  By  that  date,  all 
56  States  and  U.S.  territories  were  required  to  ask  the  agency  for  an  extension 
that  would  allow  their  licenses  and  ID  cards  to  remain  "valid  for  federal 
purposes"  past  May  11,  2008  through  the  first  extension  period,  until  December 
31,  2009. 159  For  States  that  do  ask  for  the  initial  extension,  those  States  then  have 
until  October  11,  2009  to  "file  a  request  for  an  additional  extension  until  no  later 
than  May  10,  2011,  by  submitting  a  Material  Compliance  Checklist 
demonstrating  material  compliance."160 

The  extensions  were  necessary  because,  even  though  May  11,  2008  is  the 
statutory  deadline  for  implementation  of  the  REAL  ID  system,  not  one  State  is  in 
compliance  with  the  federal  law  creating  a  national  identification  system.  In  fact, 
19  States  have  passed  resolutions  or  laws  rejecting  the  national  ID  program. 

The  Department  of  Homeland  Security  said  it  "made  extensions  available 
for  states  that  needed  additional  time  to  come  into  compliance,  or  to  complete 
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ongoing  security  measures,"  implying  that  states  that  received  extensions  had 
agreed  to  implement  the  REAL  ID  national  identification  system.161  However,  a 
number  of  states  have  said  that  these  extensions  do  not  constitute  an  agreement 
to  implement  this  national  ID  scheme. 

For  example,  California  (one  of  the  most  populous  states)  sent  a  letter  to 
the  Department  of  Homeland  Security  on  March  18,  stating,  "California's  request 
for  an  extension  is  not  a  commitment  to  implement  REAL  ID."162  New 
Hampshire  said,  "because  our  Legislature  voted  overwhelmingly  in  2007  to  pass 
a  bill  that  prohibits  our  state  from  implementing  the  REAL  ID  Act  in  New 
Hampshire,  we  cannot  authorize  implementation  of  the  REAL  ID  regulations."163 

There  are  also  ongoing  concerns  about  Homeland  Security's  cost 
computation.  In  the  final  regulations,  DHS  claims  to  reduce  the  cost  of 
implementation  for  the  REAL  ID  national  identification  system  to  $9.9  billion,  a 
significant  drop  from  the  draft  regulations'  estimate  of  $23.1  billion.164  However, 
there  are  significant  problems  with  the  agency's  assumptions. 

The  agency  assumes  that  only  75  percent  of  U.S.  residents  will  not  apply 
for  a  REAL  ID  national  identification  card.165  DHS  states  that  the  remaining  25 
percent  will  either  not  enter  federal  buildings  or  board  commercial  flights,  or  the 
people  will  use  $100  U.S.  passports.166  The  agency  also  ignores,  among  other 
things,  the  cost  of  creating  the  national  identification  database  (or  "hub" 
network)  linking  56  States  and  territories. 

The  Department  of  Homeland  Security  also  believes  that  it  can  sweep 
aside  the  fact  that  REAL  ID  is  an  unfunded  mandate  by  allocating  $360  million  to 
the  States  for  REAL  ID  implementation.  The  agency  said  it  will  offer,  "$80 
million  in  dedicated  REAL  ID  grants  and  another  $280  million  in  general  funding 
as  part  of  the  Homeland  Security  Grant  Program,"  which  funds  security 
programs  such  as  first  responder  services.167  However,  the  number  still  pales 
next  to  the  agency's  "reduced"  estimate  of  $9.9  billion. 

Currently  Congress  is  considering  legislation  to  repeal  REAL  ID.168  Sen. 
Patrick  Leahy,  who  co-sponsored  legislation  to  replace  REAL  ID  with  the 
negotiated  rulemaking  process  originally  enacted  in  the  2004  Intelligence  Reform 
and  Terrorist  Prevention  Act,  criticized  the  final  regulations.  "The  Bush 
administration's  REAL  ID  program  will  not  only  lead  to  long  lines  at  every  DMV 
across  the  country,  it  will  impose  a  massive  unfunded  mandate  on  State 
governments  while  offering  absolutely  no  federal  privacy  protections  to  our 
citizens,"  Sen.  Leahy  said.169  "It  is  unfortunate  that  instead  of  addressing  the 
fundamental  problems  this  law  poses  for  the  States,  the  Administration  appears 
content  merely  to  prolong  a  contentious  and  unproductive  battle  to  force  the 
States  to  comply." 
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VI.  Recommendation:  Decentralize  Identification 

The  REAL  ID  national  identification  system  would  harm  rather  than 
protect  privacy  and  security,  and  such  a  system  would  exacerbate  the  country's 
growing  identity  theft  problem.  It  decreases  security  to  have  a  centralized  system 
of  identification,  one  ID  card  for  many  purposes,  as  there  will  be  a  substantial 
amount  of  harm  when  the  card  is  compromised.170 

A  system  of  decentralized  identification  reduces  the  risks  associated  with 
security  breaches  and  the  misuse  of  personal  information.  Technological 
innovation  can  enable  the  development  of  context-dependent  identifiers.  A 
decentralized  approach  to  identification  is  consistent  with  our  commonsense 
understanding  of  identification.  If  you  are  banking,  you  should  have  a  bank 
account  number.  If  go  to  the  library,  you  should  have  a  library  card  number.  If 
you  rent  videos  from  a  store,  you  should  have  a  video  rental  store  card  number. 
Utility  bills,  telephone  bills,  insurance,  the  list  goes  on.  These  context-dependent 
usernames  and  passwords  enable  authentication  without  the  risk  of  a  universal 
identification  system.  That  way,  if  one  number  is  compromised,  all  of  the 
numbers  are  not  spoiled  and  identity  thieves  cannot  access  all  of  your  accounts. 
All  of  your  accounts  can  become  compartmentalized,  enhancing  their  security.171 

Internet  companies  are  already  moving  to  develop  systems  of  multiple 
identification  in  part  because  of  concerns  that  were  identified  in  a  consumer 
privacy  case  brought  to  the  Federal  Trade  Commission  ("FTC")  in  2001.  In  that 
matter,  EPIC  and  12  organizations  submitted  a  complaint  to  the  FTC,  detailing 
serious  privacy  implications  of  Microsoft  Windows  XP  and  Microsoft  Passport.172 
The  complaint  alleged  that  Microsoft  "has  engaged,  and  is  engaging,  in  unfair 
and  deceptive  trade  practices  intended  to  profile,  track,  and  monitor  millions  of 
Internet  users,"  and  that  the  company's  collection  and  use  of  personal 
information  violated  Section  5  of  the  Federal  Trade  Commission  Act.173 

In  August  2002,  the  FTC  announced  a  settlement  in  its  privacy 
enforcement  action  against  Microsoft.174  The  settlement  required  that  Microsoft 
establish  a  comprehensive  information  security  program  for  Passport,  and 
prohibited  any  misrepresentation  of  its  practices  regarding  information 
collection  and  usage. 

Since  the  FTC  settlement  of  the  EPIC  complaint  against  Passport,  industry 
groups  have  moved  toward  decentralized  identity  systems  that  are  more  robust, 
provide  more  security,  and  are  better  for  privacy.  Microsoft  has  developed  an 
approach  to  identity  management  that  allowed  for  multiple  forms  of  online 
identification,  and  other  companies,  including  open  source  developers,  followed 
a  similar  approach.175  There  is  a  need  to  avoid  single  identifiers  and  to  promote 
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multiple  identification  schemes,  and  that  this  approach  is  best  not  only  for 
privacy  but  also  for  security. 

The  development  of  system  for  multiple  identification,  or  "meta¬ 
identification"  is  widely  favored  by  experts  in  the  field.  For  example,  Jim  Harper, 
Director  of  Information  Policy  Studies  at  the  Cato  Institute,  explains  that  the 
REAL  ID  Act  does  not  add  to  the  nation's  security  protections.176  Instead,  Harper 
advocates  a  diverse  identification  system.  "A  diverse,  competitive  identification 
and  credentialing  industry  would  be  far  better,  and  far  more  protective  of  liberty, 
than  the  uniform  government-monopolized  identification  system  on  the  advance 
today."177 

VII.  Conclusion 

When  Congress  created  the  Department  of  Homeland  Security,  it  made 
clear  in  the  enabling  legislation  that  the  agency  could  not  create  a  national  ID 
system.178  In  September  2004,  then-Department  of  Homeland  Security  Secretary 
Tom  Ridge  reiterated,  "  [t]he  legislation  that  created  the  Department  of 
Homeland  Security  was  very  specific  on  the  question  of  a  national  ID  card.  They 
said  there  will  be  no  national  ID  card."179 

In  an  opinion  column  written  by  Secretary  Chertoff  after  the  publication 
of  the  final  rule,  he  said,  "embracing  REAL  ID"  would  mean  it  would  be  used  to 
"cash  a  check,  hire  a  baby  sitter,  board  a  plane  or  engage  in  countless  other 
activities."180  This  is  a  description  of  a  national  identification  system,  which  is 
illegal  in  the  United  States. 

The  final  rule  includes  few  protections  for  individual  privacy  and  security 
in  its  massive  national  identification  database.  It  harms  national  security  by 
creating  yet  another  "trusted"  credential  for  criminals  to  exploit.  The  Department 
of  Homeland  Security  has  faced  so  many  obstacles  with  the  REAL  ID  system  that 
the  agency  now  plans  an  implementation  deadline  of  2017  -  nine  years  later  than 
the  2008  statutory  deadline.181  It  is  an  unfunded  mandate  that  would  cost 
billions,  with  the  burden  ultimately  being  placed  on  the  individual  taxpayer. 

Technical  experts  familiar  with  the  challenges  of  privacy  protection  and 
identification  presented  the  Department  of  Homeland  Security  with  a  variety  of 
recommendations  that  would  have  minimized  the  risks  of  the  REAL  ID  system. 
The  DHS  made  some  modifications,  but  left  the  essential  system  in  place.  As 
REAL  ID  currently  stands,  the  costs  are  many  and  the  benefits  are  few.  Public 
opposition  to  implementation  is  understandable. 
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Appendix  I 


State  Legislation  Against  REAL  ID  Act 


State  Legislation  Against  REAL  ID  Act 

Alaska,  SB  202 

Colorado,  HJR  1047 

(April  11,  2008)* 

(May  14,  2007) 

South  Dakota,  SCR  7 

Georgia,  SB  5 

(February  25,  2008) 

(May  11,  2007) 

Tennessee,  SJR  0248 

Hawaii,  SCJ  31 

(June  14,  2007) 

(April  25,  2007) 

South  Carolina,  S  449 

North  Dakota,  SCR  4040 

(June  5,  2007) 

(April  20,  2007) 

Nebraska,  LR  28 

Washington  SB  5087 

(May  30,  2007) 

(April  18,  2007) 

New  Hampshire,  HB  685 

Montana,  HB  287 

(May  24,  2007) 

(April  17,  2007) 

Oklahoma,  SB  464 

Arkansas,  SCR  22 

(May  23,  2007) 

(March  28,  2007) 

Illinois,  HJR  0027 

Idaho: 

(May  22,  2007) 

HJM  3  (March  12,  2007) 

HB  606  (April  9,  2008) 

Missouri,  HCR  20 

(May  17,  2007) 

Maine,  SP 113 
(January  25,  2007) 

Nevada,  AJR  6 
(May  14,  2007) 

*Date  passed  Source:  http://epic.org/ privacy/id-cards/ 
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Appendix  II 


EPIC  Expert  Comments  on  Draft  REAL  ID  Regulations 

"EPIC  and  24  Experts  in  Privacy  and  Technology,  Comments  on  DHS 
2006-0030:  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for  Driver's 
Licenses  and  Identification  Cards  Acceptable  by  Federal  Agencies  for  Official 
Purposes  (May  8,  2007),"  available  at 

http:/ /www.epic.org/privacy/id_cards/epic_realid_comments.pdf. 

Signatories  (affiliations  are  for  identification  only) 

Steven  Aftergood,  Director  of  Project  on  Government  Secrecy,  Federation 
of  American  Scientists 

Anita  Allen,  J.D.,  Ph.D.,  Henry  R.  Silverman  Professor  of  Law  and 
Professor  of  Philosophy,  University  of  Pennsylvania  Law  School 

Ann  Bartow,  Associate  Professor  of  Law,  University  of  South  Carolina 
School  of  Law 

Christine  L.  Borgman,  Professor  &  Presidential  Chair  in  Information 
Studies,  University  of  California,  Los  Angeles 

James  Boyle,  William  Neal  Reynolds  Professor  of  Law,  Duke  University 
School  of  Law 

David  Chaum,  Founder,  DigiCash  Inc. 

Julie  E.  Cohen,  Professor  of  Law,  Georgetown  University  Law  Center 
Simon  Davies,  Director  General,  Privacy  International 
Dr.  Whitfield  Diffie,  Chief  Security  Officer,  Sun  Microsystems 
David  Farber,  Distinguished  Career  Professor  of  Computer  Science  and 
Public  Policy,  Carnegie  Mellon  University 

Philip  Friedman,  Friedman  Law  Offices,  PLLC 
Deborah  Hurley,  Chair,  EPIC  Board  of  Advisors 
Jerry  Kang,  Professor  of  Law,  UCLA  School  of  Law 
Chris  Larsen,  CEO,  Prosper  Marketplace,  Inc. 

Gary  Marx,  Professor  Emeritus,  Massachusetts  Institute  of  Technology 
Mary  Minow,  LibraryLaw.com 

Dr.  Peter  G.  Neumann,  Principal  Scientist,  SRI  International  Computer 
Science  Lab 

Dr.  Deborah  Peel,  Founder,  Patients  Privacy  Rights 
Stephanie  Perrin,  Director  of  Integrity  Policy,  Service  Canada 
Anita  Ramasastry,  Associate  Professor  of  Law,  University  of  Washington 
School  of  Law 

Dr.  Bruce  Schneier,  Chief  Technical  Officer,  BT  Counterpane 
Robert  Ellis  Smith,  Publisher,  Privacy  Journal 
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Daniel  J.  Solove,  Associate  Professor  of  Law,  George  Washington 
University  Law  School 

Frank  M.  Tuerkheimer,  Professor  of  Law  Emeritus,  University  of 
Wisconsin  Law  School 
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End  Notes 


1  See  generally,  EPIC,  National  ID  Cards  and  the  REAL  ID  Act, 
http:/ / www.epic.org/  privacy/ id_cards/. 

2  See  EPIC  and  Privacy  International,  Privacy  and  Human  Rights:  An  International 
Survey  of  Privacy  Laws  and  Practice  23-41  (EPIC  2006). 

3  Id.  at  23-24. 

4  Dep't  of  Health,  Educ.  &  Welfare,  Secretary's  Advisory  Comm,  on  Automated  Personal  Data 
Systems,  Records,  Computers,  and  the  Rights  of  Citizens  125-35  (MIT  1973)  [hereinafter  "HEW 
Report  on  Data  Systems"],  available  at  http:/ /www.epic.org/privacy/hewl973report/. 

5  See  generally,  EPIC,  Social  Security  Numbers,  http://www.epic.org/privacy/ssn/. 

6  Soc.  Sec.  Admin.,  Soc.  Sec.  Number  Task  Force,  Report  to  the  Commissioner  (May  1971). 

7  HEW  Report  on  Data  Systems  at  125-35  (MIT  1973),  supra  note  4. 

8  Dep't  of  Justice,  Fed.  Advisory  Comm,  on  False  Identification,  The  Criminal  Use  of  False 
Identification  (Nov.  1976). 

9  Privacy  Prot.  Study  Comm'n,  Personal  Privacy  in  an  Information  Society  (July  1977)  available  at 
http:/ /  www.epic.org/  privacy/ ppscl977report/. 

40  Id. 

11  Robert  B.  Cullen,  Administration  Announcing  Plan,  ASSOCIATED  PRESS,  July  30, 1981. 

12  Press  Release,  White  House  Office  of  the  Press  Secretary,  The  Health  Security  Act  Of  1993: 
Health  Care  That's  Always  There  (Sept.  22, 1993)  available  at 

http:/  /  www.clintonfoundation.org/  legacy/ 092293-press-release-on-health-security-plan.htm. 

13  Illegal  Immigration  Reform  and  Immigrant  Responsibility  Act  of  1996,  Pub.  L.  No.  104-208,  Div. 
C,  Title  III,  §  309  (1996),  amended  by  the  Immigration  and  Naturalization  Service  Data 
Management  Improvement  Act  of  2000,  Pub.  L.  No.  106-215, 114  Stat.  337  (2000). 

14  Summer  Lemon,  Ellison  offers  free  software  for  national  ID  card,  IDG.NET,  Sept.  25,  2001,  available  at 
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I.  INTRODUCTION 

The  Identity  Project  (IDP)  and  the  Cyber  Privacy  Project  (CPP)  submit  these  comments 
in  response  to  the  notice  and  request  for  comments,  “Intent  To  Request  Approval  From  OMB  of 
One  New  Public  Collection  of  Information:  Certification  of  Identity  Form  (TSA  Form  415)”, 
docket  number  TSA-2013-0001-0075,  FR  Doc.  2016-26958,  published  at  81  Federal  Register 
78624-78625  (November  8,  2016). 

The  notice  fails  to  satisfy  the  requirements  of  the  Administrative  Procedure  Act  (APA), 
the  Paperwork  Reduction  Act  (PRA),  and  the  Privacy  Act.  The  notice  miscategorizes  the 
proposal,  fails  to  provide  adequate  or  accurate  notice  to  the  public,  and  includes  materially  false 
statements  about  the  proposal  and  the  history  and  status  of  TSA  Form  415. 

The  notice  attempts  to  use  the  PRA  procedures  for  approval  of  a  form  to  effect  a 
sweeping,  highly  controversial,  substantive  change  in  the  scope  of  authority  over  air  travelers 
claimed  and  exercised  by  the  TSA.  Even  if  such  a  change  were  authorized  by  a  valid  statute,  it 
would  require  a  different  procedure:  notice-and-comment  rulemaking  by  the  TSA  pursuant  to  the 
APA.  The  significance  of  these  procedural  violations  is  heightened  because  the  proposal 
implicates  the  ability  of  individuals  to  exercise  their  right  -  pursuant  to  Federal  statutes,  the  U.S. 
Constitution,  and  international  human  rights  treaties  -  to  travel  by  air  by  common  carrier. 

The  proposal  for  approval  of  TSA  Form  415  and  of  this  information  collection  by  OMB 
should  be  withdrawn.  The  TSA  should  cease  and  desist  from  its  years-old  and  continuing 
unlawful  use  of  Form  415,  and  the  additional  associated  verbal  information  collection,  without 
the  required  OMB  approval.  If  this  proposal  is  submitted  to  OMB,  it  should  be  rejected  as 
procedurally,  substantively,  and  legally  deficient  and  unjustified,  and  as  a  violation  of  the 
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fundamental  statutory,  Constitutional,  and  human  rights  of  air  travelers.  If  the  TSA  believes  such 
a  proposal  is  warranted,  it  should  propose  it  though  APA  notice-and-comment  rulemaking. 


II.  ABOUT  THE  COMMENTERS 

A.  The  Identity  Project  (PapersPlease.org) 

The  Identity  Project  (IDP),  provides  advice,  assistance,  publicity,  and  legal  defense  to 
those  who  find  their  rights  infringed,  or  their  legitimate  activities  curtailed,  by  demands  for 
identification,  and  builds  public  awareness  about  the  effects  of  ID  requirements  on  fundamental 
rights.  IDP  is  a  program  of  the  First  Amendment  Project,  a  nonprofit  organization  providing  legal 
and  educational  resources  dedicated  to  protecting  and  promoting  First  Amendment  rights. 

B.  The  Cyber  Privacy  Project 

The  Cyber  Privacy  Project  (CPP)  is  a  non-partisan  organization  focusing  on 
governmental  intrusions  against  Fourth  and  Fifth  Amendment  rights  of  privacy,  particularly  in 
government  databanks  and  national  identification  schemes  for  voting,  travel,  and  work,  and  on 
medical  confidentiality  and  patient  consent. 

III.  THIS  PROPOSAL  IMPLICATES  FREEDOM  OF  MOVEMENT,  A  STATUTORY, 
CONSTITUTIONAL,  AND  INTERNATIONALLY  RECOGNIZED  HUMAN  RIGHT. 

Freedom  of  movement  ("the  right  of  the  people...  peaceably  to  assemble")  is  recognized 
by  the  First  Amendment  to  the  U.S.  Constitution. 

The  right  of  U.S.  citizens  to  travel  between  states  is  among  the  “privileges  and 
immunities”  protected  by  Article  IV  of  the  U.S.  Constitution,  and  is  a  “liberty”  protected  by  the 


The  Identity  Project  and 
The  Cyber  Privacy  Project 


Comments  on  Certification  of  Identity  Form 

(TSA  Form  415) 
January  9,  2017 


Page  5  of  36 


due  process  requirements  of  the  5th  and  14th  Amendments.  “The  original  conception  of  the 
travel  right  is  explicitly  stated  in  Article  IV  of  the  Articles  of  Confederation  and  remains  in  force 
in  the  parallel  article  of  the  U.S.  Constitution.  Travel  embodies  a  broadly  based  personal, 
political,  and  economic  right  that  encompasses  all  modes  of  transportation  and  movement.”1 

The  right  to  travel  is  also  recognized  in  Article  12  (freedom  of  movement)  of  the 
International  Covenant  on  Civil  and  Political  Rights  (ICCPR),  a  treaty  ratified  by,  and  binding 
on,  the  U.S.  In  addition,  Article  17  of  the  ICCPR  recognizes  a  right  to  protection  against 
"arbitrary  or  unlawful  interference  with  ...  privacy." 

The  TSA,  along  with  all  other  executive  agencies,  has  been  ordered  by  the  President  to 
consider  human  rights  treaties  including  the  ICCPR  in  performing  its  functions  including 
rulemaking:  Executive  Order  13107,  “Implementation  of  Human  Rights  Treaties,”  directs  all 
executive  departments  and  agencies  to  “maintain  a  current  awareness  of  United  States 
international  human  rights  obligations  that  are  relevant  to  their  functions  and...  perform  such 
functions  so  as  to  respect  and  implement  those  obligations  fully.” 

In  addition  to  the  general  Constitutional  right  to  travel,  there  is  an  explicit  mode-specific 
Federal  statutory  right  to  travel  by  air.  “The  public  right  of  freedom  of  transit  through  the 
navigable  airspace”  is  guaranteed  by  the  Airline  Deregulation  Act  of  1978,  codified  at  49  U SC  § 
40101,  40103.  The  same  statute  expressly  requires  that  the  Administrator  of  the  TSA  (exercising 
powers  described  in  the  statute  as  those  of  the  Administrator  of  the  FAA,  but  reassigned  to  the 
TSA  as  part  of  the  creation  of  the  TSA  and  the  Department  of  Homeland  Security),  “shall 
consider”  this  right  in  carrying  out  agency  functions,  which  include  rulemaking. 

1  Richard  Sobel,  The  Right  To  Travel  And  Privacy:  Intersecting  Fundamental  Freedoms,  30  J.  Marshall  J.  Info. 

Tech.  &  Privacy  L.  639,  640  (2014)  <http://repository.jmls.edU/jitpl/vol30/iss4/l>. 
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It  is  essential  to  keep  these  rights  in  mind  in  assessing  the  proposed  (and  in  fact,  as 
discussed  further  below,  longstanding  and  ongoing)  information  collection  from  travelers.  To  the 
extent  that  responding  to  this  information  collection  (or  providing  responses  that  the  TSA  or  its 
contractors  deem  acceptable)  is  made  a  condition  of  the  exercise  of  the  right  to  travel  by 
common  carrier,  it  is  a  condition  on  the  exercise  of  a  fundamental  statutory.  Constitutional,  and 
international  treaty  right,  and  therefore  subject  to  strict  scrutiny.2 


IV.  THE  NOTICE  DOES  NOT  SATISFY  THE  REQUIREMENTS  OF  THE 
PAPERWORK  REDUCTION  ACT  FOR  APPROVAL  OF  A  COLLECTION  OF 
INFORMATION  FROM  MEMBERS  OF  THE  PUBLIC. 

Instead  of  providing  actual  notice  of  what  the  agency  has  done,  is  doing,  and  proposes  to 
do,  and  how  concerned  members  of  the  public  can  obtain  more  information,  the  notice 
concerning  this  proposed  information  collection  published  in  the  Federal  Register  contains 
materially  false  statements  concerning  the  proposal  and  the  agency's  actions. 

These  material  misstatements  deprive  the  public  of  meaningful  notice  of  what  has 
actually  happened  and  is  happening,  and  of  the  opportunity  to  provide  informed  comment  on  the 
agency's  past,  present,  and  proposed  future  actions. 

In  addition,  to  the  extent  that  -  for  whatever  reason  -  those  promulgating  the  notice 
genuinely  believed  these  falsehoods,  they  were  ignorant  of  essential  and  material  elements  of  the 

administrative  and  factual  record  necessary  for  non-arbitrary  agency  decision-making. 

2  This  is  merely  a  summary  of  some  of  the  fundamental  rights  implicated  by  air  travel  by  common  carrier.  As 
discussed  further  below,  this  proceeding  is  a  request  for  approval  of  a  form,  not  a  proposal  for  regulations  to 
require  air  travelers  to  present,  possess,  or  be  eligible  to  acquire  acceptable  government-issued  ID  credentials,  or 
to  identify  themselves.  We  reserve  the  right  to  submit  more  detailed  comments  concerning  the  right  to  travel, 
the  standard  of  review  for  conditions  or  restrictions  on  the  exercise  of  this  right,  and  the  effect  on  this  right  of  ID 
requirements  for  common  carrier  air  travel  if  the  TSA  proposes  rules  to  impose  such  a  requirement. 
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A  materially  false  notice  does  not  satisfy  the  notice  requirements  of  the  PRA.  A  decision 
by  agency  officials  ignorant  of  these  facts  would  be  arbitrary  and  capricious. 

In  addition,  each  of  the  false  statements  in  the  notice  discussed  below  constitutes  a 
violation  of  the  “Information  Quality  Act”  (IQA),  Section  515  of  the  Consolidated 
Appropriations  Act,  2001,  Public  Law  106-554,  and  the  guidelines  for  implementation  of  this 
statute  promulgated  by  OMB  and  the  Department  of  Homeland  Security  (DHS).3 

These  comments  constitute  a  “complaint! ]  ...  regarding  the  accuracy  of  information 
disseminated  by”  the  TSA.  In  accordance  with  the  IQA,  we  request  that  this  complaint  be 
included  in  reporting  by  the  TSA  and  DHS  to  OMB  of  “the  number  and  nature  of  complaints 
received  by  the  agency  regarding  the  accuracy  of  information  disseminated  by  the  agency.” 

A.  The  TSA  does  not  currently  require  travelers  to  provide  ID  documents  to 
fly.  Such  a  new  requirement  is  outside  the  scope  of  OMB  authority  to  approve  a 
collection  of  information,  and  requires  TSA  rulemaking  pursuant  to  the  APA. 

According  to  the  notice  in  the  Federal  Register: 

TSA  requires  individuals  to  provide  an  acceptable  verifying  identity  document  in 
order  to  proceed  through  security  screening,  enter  the  sterile  area  of  the  airport, 
or  board  a  commercial  aircraft. 

In  fact,  the  TSA  does  not  require,  and  the  law  does  not  authorize  the  TSA  to  require,  that 
would-be  travelers  provide  any  verifying  identity  documents.  According  to  longstanding 

practice,  people  who  do  not  provide  any  verifying  identity  document  travel  by  air  every  day  - 

3  See  OMB  Agency  Information  Quality  Guidelines,  <https://www.whitehouse.gov/omb/. 
inforeg_agency_info_quality_links>;  DHS  Information  Quality  Standards, 
<https://www.dhs.gov/information-quality-standards>;  and  TSA  Information  Quality  Standards, 
<https://www.tsa.gov/information-quality-standards>.  Since  the  TSA  has  not  responded  to  informal  requests  for 
correction  of  the  notice,  petitions  for  correction  of  the  inaccurate  information  in  the  notice  are  being  prepared 
for  submission  to  DHS. 
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typically  after  being  required  to  complete  and  sign  TSA  Form  415  and  answer  questions  about 
what  information  is  contained  in  the  file  about  them  obtained  by  the  TSA  from  Accurint.4 5 

The  TSA’s  current  policy  permitting  people  to  fly  without  ID  if  they  submit  to  more 

intrusive  search  was  described  as  follows  by  the  9th  Circuit  Court  of  Appeals  in  Gilmore  v. 

Gonzales \  based  on  review  of  TSA  documents  submitted  ex  parte  and  under  seal: 

The  identification  policy  requires  airline  passengers  to  present  identification  to 
airline  personnel  before  boarding  or  be  subjected  to  a  search  that  is  more  exacting 
than  the  routine  search  that  passengers  who  present  identification  encounter.6 

The  identification  policy  requires  that  airline  passengers  either  present  identification 
or  be  subjected  to  a  more  extensive  search.  The  more  extensive  search  is  similar  to 
searches  that  we  have  determined  were  reasonable  and  "consistent  with  a  full 
recognition  of  appellant’s  constitutional  right  to  travel.”7 

As  discussed  in  more  detail  in  Parts  V  and  VI  of  these  comments  below,  the  TSA  has 
provided,  in  response  to  our  Freedom  of  Information  Act  request,  only  incomplete  and  badly 
munged  portions  of  its  records  of  how  many  people  fly  without  ID  every  day. 

But  the  first  interim  response  to  this  request,  containing  images  of  redacted  excerpts  from 
the  TSA  “IVCC  [ID  Verification  Call  Center]  Daily  Summary”  for  May  6,  2014,  is  instructive.8 

On  that  date,  175  people  were  reported  to  the  IVCC  as  having  sought  to  proceed  through 
TSA  checkpoints  without  initially  presenting  ID  that  the  checkpoint  staff  found  acceptable. 


4  See  the  more  detailed  discussion  of  these  ongoing  practices  below  in  Part  V  of  these  comments. 

5  435  F.  3d  1125  (9th  Circuit  2006),  cert,  denied,  127  S.  Ct.  929  (2007).  Plaintiff-Appellant  Gilmore  is  the 
founder  of  the  Identity  Project,  one  of  the  organizations  submitting  these  comments. 

6  Gilmore  v.  Gonzales,  435  F.  3d  1125  at  1141. 

7  Gilmore  v.  Gonzales,  435  F.  3d  1125  at  1155. 

8  This  first  interim  response  contained  four  images  of  “pages”  of  records  pertaining  to  a  single  day,  although  we 
had  requested  all  such  records  for  all  dates.  We  received  this  first  interim  response  almost  two  years  after 
submitting  our  FOIA  request.  Three  and  half  years  after  we  submitted  this  request,  the  TSA  still  has  not 
completed  its  response.  See  request  and  all  interim  responses  to  date  at 

<https://archive.org/details/TSOC-ID-Verification-Reports>  and  discussion  of  the  status  of  this  request  in  Note 
22  below. 
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Of  these  175  people,  only  three  were  denied  access.  The  other  172  -  more  than  98%  of 
those  who  sought  to  fly  with  no  ID  or  with  unacceptable  ID  -  were  allowed  to  do  so. 

In  light  of  this  current  TSA  policy  and  these  facts,  what  the  notice  should  say  is: 

TSA  is  proposing  to  require  individuals  to  have  been  issued  a  verifying  identity 
document  acceptable  to  the  TSA,  or  reside  in  a  state  that  the  TSA  has  deemed 
compliant  with  the  REAL-ID  Act  or  that  TSA  has  granted  a  discretionary  extension 
of  compliance  with  the  REAL-ID  Act,  in  order  to  proceed  through  security  screening, 
enter  the  sterile  area  of  the  airport,  or  board  a  commercial  aircraft. 

When  the  substance  of  the  proposal  is  stated  accurately,  the  notice  is  fundamentally 
deficient.  Approval  for  this  change  in  requirements  to  travel  (not  a  mere  continuation  of,  or 
change  in,  an  information  collection)  is  being  requested  from  the  wrong  agency,  through  the 
wrong  procedure,  and  without  an  adequate  basis. 

A  change  in  the  requirements  for  air  travel  by  common  carrier  -  such  as  the  proposed  and 
entirely  new  requirement  for  each  would-be  traveler  to  provide  the  TSA  with  a  verifying  identity 
document  or  attest  that  they  have  been  issued  by  some  government  agency  with  such  a  document 
or  reside  in  a  state  that  the  DHS  has  deemed  compliant  with  the  REAL-ID  Act  or  has  granted  an 
extension  of  compliance  -  could  properly  be  initiated  only  through  a  Notice  Of  Proposed 
Rulemaking  (NPRM)  by  the  TSA  in  accordance  with  the  procedural  requirements  of  the  APA. 

If  such  an  NPRM  were  promulgated  for  public  comment,  we  and  many  others  would 
object  to  the  proposal.  It  exceeds  the  statutory  authority  of  the  TSA  and  is  contraiy  to  the 
statutory  duty  of  the  TSA  to  recognize  the  public  right  of  transit  by  air,  the  Constitution,  and  U.S. 
obligations  pursuant  to  international  human  rights  treaties. 

In  addition,  such  a  rule  would  not  be  related  to  any  legitimate  aviation  security  interest. 
According  to  the  notice: 
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TSA  is  updating  the  identity  verification  process  for  travelers  who  arrive  at  an  airport 
security  checkpoint  without  an  acceptable  verifying  identity  document...  so  that  it  is 
generally  only  available  to  travelers  who  certify  that  they — 

•  Reside  in  or  have  been  issued  a  driver’s  license  or  state  identification  card  by  a  state 
that  is  compliant  with  the  REAL  ID  Act  or  a  state  that  has  been  granted  an  extension 
by  DHS;  or 

•  Have  been  issued  another  verifying  identity  document  that  TSA  accepts. 

It's  important  to  understand  just  what  the  TSA  is  saying,  and  the  import  of  the  practice  the 
notice  describes.  If  the  TSA  were  to  promulgate  such  a  rule,  travelers  would  still  be  able  to  fly 
with  no  ID  at  all,  just  as  they  are  today.  This  would  still  be  true,  as  it  is  today,  for  individuals  who 
have  never  been  issued,  or  applied  for,  any  government-issued  ID.  But  it  would  only  be 
permissible,  under  a  rule  such  as  the  TSA  is  contemplating,  for  individuals  without  ID  to  fly  if 
they  reside  in  a  state  that  issues  ID  acceptable  to  the  TSA. 

The  essential  idea  is  to  discriminate  between  people  who  don't  have  or  apply  for 
state-issued  ID  cards,  on  the  basis  of  how  their  states  of  residence  treat  those  who  do  apply. 

Variations  in  the  practices  followed  by  states  in  issuing  driver's  licenses  and  ID  cards,  or 
whether  data  about  those  driver's  licenses  and  ID  cards  is  shared  with  other  states,  provide  no 
legitimate  basis  for  differential  treatment,  on  the  basis  of  state  of  residence,  of  those  individuals 
who  do  not  have  state-issued  ID.  Whatever  claims  the  TSA  might  make  about  security  benefits 
of  these  ID  issuance  procedures  or  their  use  as  a  basis  for  discrimination  between  holders  of  ID 
cards  issued  by  different  states,  the  state  of  residence  of  an  individual  who  does  not  present  ID 
bears  no  rational  relationship  to  whether  that  individual  poses  a  threat  to  aviation  safety. 
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To  put  it  another  way,  there  is  no  reason  to  think  that  a  person  who  has  not  chosen  to 
apply  for  state  ID  as  a  resident  of  compliant  state  X  posed  less  of  a  threat  to  aviation  security 
than  an  individual  who  has  not  chosen  to  apply  for  state  ID  as  a  resident  of  noncompliant  state  Y. 

Why,  given  the  lack  of  any  rational  relationship  of  state  of  residence  to  aviation  security, 
would  the  TSA  discriminate  between  people  who  have  not  been  issued  with  state  ID  on  the  basis 
of  their  state  of  residence,  or  on  the  basis  of  how  that  state  treats  people  who,  unlike  these 
individuals,  apply  for  or  are  issued  with  state  ID? 

The  only  apparent  explanation  for  this  otherwise  perverse-seeming  practice  is  that  the 
TSA's  real  purpose  in  making  this  change  is  to  coerce  states  to  comply  with  the  REAL-ID  Act  by 
punishing  residents  of  states  whose  governments  don't  comply. 

This  is  both  an  impermissible  purpose  and  an  impermissible  practice.  The  Federal 
government  has  no  authority  to  order  states  to  enact  legislation  on  matters  within  the  jurisdiction 
of  the  states.  The  TSA  has  no  authority  to  discriminate  between  residents  of  different  states  on 
the  basis  of  the  choices  made  by  their  state  governments  on  matters  within  state  jurisdiction. 

We  reserve  the  right  to  raise  these  and  all  other  objections  if  and  when  such  an  NPRM  is 
promulgated. 

But  this  PRA  notice  in  the  Federal  Register  is  not  an  NPRM.  OMB  is  not  authorized  to 
approve  substantive  changes  -  or,  for  that  matter,  to  approve  any  changes  -  in  TSA  regulations. 

The  only  plausible  interpretation  of  the  false  statement  in  the  notice  is  to  mislead  OMB 
and  the  public,  evade  the  requirement  for  public  notice  and  comment,  and  use  the 
innocuous-seeming  device  of  a  request  for  approval  of  an  information  collection  to  affect  a 
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fundamental  and  profoundly  controversial  change  in  substantive  TSA  requirements  and  the  rights 
of  travelers. 

The  TSA  does  not  have  the  authority  to  rule  by  decree,  or  to  create  a  regulatory  fait 
accompli  by  making  new  statements  about  what  it  seeks  to  require.  Valid  rulemaking  requires  the 
promulgation  of  rules,  in  accordance  with  the  procedural  requirements  of  the  Administrative 
Procedure  Act,  Constitutional  due  process,  and  the  procedural  and  substantive  standards 
applicable  pursuant  to  U.S.-ratified  international  human  rights  treaties. 

If  the  TSA  wants  to  "make  it  so"  that  each  air  traveler  is  required  to  provide  an  acceptable 
verifying  identification  document,  or  that  air  travel  without  ID  be  permitted  only  for  residents  of 
certain  states  specified  by  the  DHS,  the  TSA  must  properly  propose  such  a  regulation,  providing 
notice  of  what  it  proposes  to  require  and  of  the  basis  for  its  claimed  authority  to  require  it. 

Whether  or  not  the  TSA  proceeds  with  such  a  rulemaking  -  which,  to  be  clear,  we  don't 
think  it  should,  and  would  oppose  -  OMB  must  reject  this  purported  request  for  approval  of  an 
information  collection  as  exceeding  the  scope  of  OMB  authority,  pursuant  to  the  PRA,  for 
approval  of  a  collection  of  information. 

B.  TSA  Form  415  and  the  associated  verbal  information  collection  are  not 
new,  and  therefore  cannot  be  approved  by  OMB  as  a  “new”  collection  of 
information. 

The  notice  describes  TSA  Form  415  and  its  use  as  "a  new  Information  Collection  Request 
(ICR)  abstracted  below  that  we  will  submit  to  the  Office  of  Management  and  Budget  (OMB)  for 
approval  in  compliance  with  the  Paperwork  Reduction  Act  (PRA)." 
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But  while  TSA  Form  415  has  never  been  submitted  to,  nor  approved  by,  OMB,  neither 
the  form,  its  use,  nor  the  additional  information  collection  associated  with  its  use  are  "new".  As 
chronicled  in  detail  in  Part  V  of  these  comments  below,  TSA  Form  415  and  its  unnumbered 
predecessor  form(s),  and  the  associated  verbal  collection  of  information  from  travelers,  have 
been  in  use  since  at  least  2008. 

Submission  of  a  form  or  other  proposed  ICR  to  OMB  for  approval  after  it  has  been  in  use 
for  more  than  eight  years  is  not,  by  any  plausible  interpretation  of  the  law,  "in  compliance  with" 
the  PRA,  which  requires  OMB  approval  prior  to  the  first  use  of  a  form  or  information  collection. 

The  proposed  submission  to  OMB  should  be  described  as  a  request  for  approval  of  an 
ICR  that  has  been  conducted  unlawfully  without  OMB  approval  since  at  least  2008. 

Given  the  extensive  experience  of  the  TSA  and  the  public  with  this  form  and  information 
collection,  it  would  be  arbitrary  and  capricious  for  OMB  to  approve  it  without  review  of  its 
extensive  track  record.  And  proper  notice  and  comment  would  include  an  invitation  to  members 
of  the  public  to  comment  on  their  experiences  with  this  form  and  information  collection. 

Without  proper  notice  that  this  form  and  information  collection  have  already  been  in  use, 
potential  commenters  might  think  that  they  would  have  to  speculate  about  its  effects,  and  might 
not  realize  that  there  is  an  extensive  agency  record  and  body  of  public  experience  that  could  form 
the  basis  for  better  informed  comments  concerning  the  request  for  OMB  approval. 

In  addition,  potential  commenters  are  likely  to  scrutinize  the  proposal  more  closely  and 
critically  if  they  know  that  the  agency  has  been  acting  illegally  for  many  years. 
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A  new  notice  should  be  promulgated,  properly  describing  this  as  a  request  for  approval  of 
an  ICR  that  has  been  conducted  unlawfully  without  OMB  approval  since  at  least  2008.  A  new 
opportunity  for  public  comment  should  be  provided  following  that  notice. 

C.  Would-be  commenters  have  been  told  that  the  comment  deadline  has 
passed,  depriving  them  of  the  opportunity  for  comment  required  by  the  PRA. 

The  notice  published  in  the  Federal  Register  was  posted  "for  comment"  on 
Regulations.gov  at  <https://www.regulations.gov/document?D=TSA-2013-0001-0075>.  But 
since  the  notice  was  first  posted,  that  Web  page  has  falsely  described  it  as  "Comment  Period 
Closed",  and  has  not  included  any  comment  submission  button,  link,  or  form. 

We  have  been  contacted  by  several  members  of  the  public  who  would  have  prepared  and 
submitted  comments,  but  did  not  do  so,  in  reasonable  reliance  on  Regulations.gov  (which  is  read 
by  far  more  people  than  the  printed  Federal  Register )  as  an  authoritative  official  source  of 
information  concerning  notice  and  comment  on  proposed  rules  and  agency  actions. 

We  and  other  members  of  the  public  contacted  the  TSA  staff  person  named  in  the  notice, 
within  days  of  the  error  appearing  on  Regulations.gov,  to  alert  the  agency  that  comments  were 
not  being  accepted.  The  TSA  has  failed  to  have  the  false  statement  on  Regulations.gov  corrected. 

TSA  staff  told  us  that,  contrary  to  the  plain  language  at  the  top  of  the  page  on 
Regulations.gov,  comments  were  in  fact  open  and  would  be  accepted  by  email  through  January 
9,  2017.  But  members  of  the  public  would  have  no  reason  to  read  further  in  the  notice  or  attempt 
to  submit  comments  by  email  once  they  read  that  the  comment  period  had  already  closed. 
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Members  of  the  public  are  entitled  to  rely  on  Regulations.gov  for  authoritative 
information  about  official  Federal  agency  notices  and  opportunities  for  comment.  Most  members 
of  the  public,  including  many  who  have  contacted  us,  assumed  after  consulting  Regulations.gov 
that  they  were  too  late  to  submit  comments.  Most  members  of  the  public  would  not  bother  to 
prepare  or  try  to  submit  comments  by  email  after  being  told,  through  the  official  Federal 
government  Web  portal  used  for  such  purposes,  that  the  comment  period  had  already  expired. 

When  the  official  Federal  portal  for  comments  is  closed  to  comments  throughout  the 
"comment"  period,  there  is  no  meaningful  opportunity  to  comment.  A  new  notice  and 
opportunity  for  comment  must  be  provided  before  any  valid  agency  action  can  be  taken. 

D.  No  documentation  concerning  this  request  is  available  at  Reginfo.gov, 
depriving  members  of  the  public  of  meaningful  notice  or  opportunity  to 
comment. 

The  notice  claims  that,  “The  ICR  [Information  Collection  Review]  documentation  is 
available  at  http://www.reginfo.gov.”  This  claim  is  false:  No  information  concerning  this 
information  collection  has  yet  been  submitted  to  OMB,  and  no  information  whatsoever 
concerning  it  is  available  at  http://www.reginfo.gov,  on  any  publicly-accessible  Federal  website, 
or  from  the  TSA,  even  if  it  is  specifically  requested.  The  TSA  contact  designated  in  the  notice 
has  confirmed  to  us  that  no  information  other  than  that  which  was  published  in  the  Federal 
Register  notice  is  available  to  would-be  commenters  or  other  members  of  the  public. 

It  is  critical  for  both  the  eventual  reviewers  of  this  request  at  OMB  and  any  subsequent 
court  reviewing  this  administrative  action  to  be  aware  that  the  public  has  not  been  given  actual 
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notice  of,  and  an  opportunity  to  comment  on,  any  of  these  documents.  They  will  only  be 
submitted  to  OMB  or  posted  at  http://www.reginfo.gov  after  the  close  of  public  comments. 

Despite  our  requests  and  diligent  attempts  to  obtain,  review,  and  comment  on  the 
allegedly  supporting  documentation  referred  to  in  the  notice,  it  has  been  withheld  from  us. 

A  new  opportunity  for  public  comment  must  be  offered  after  this  documentation  is  made 
available  to  the  public  and  public  notice  of  its  availability  has  been  promulgated. 


V.  THE  HISTORY  OF  TSA  FORM  415  AND  THE  ASSOCIATED  VERBAL 
COLLECTION  OF  INFORMATION  FROM  TRAVELERS  BY  THE  TSA  SHOWS  A 
FAILURE  TO  COMPLY  WITH  THE  PRA,  APA,  OR  PRIVACY  ACT. 

In  light  of  the  false  characterization  of  TSA  Form  415  as  "new"  in  the  notice,  and  the 
notice  that  elides  any  discussion  of  the  extensive  experience  of  the  TSA  and  the  public  with  its 
use  and  with  the  additional  associated  information  collection,  we  find  ourselves  obliged  to 
supply  a  summary  of  the  background  facts  that  should  have  been  included  in  the  notice,  and  that 
need  to  be  considered  by  OMB,  commenters,  and  any  subsequent  reviewers. 

The  PRA  requires  approval  by  OMB  and  assignment  of  an  OMB  "control  number"  prior 
to  the  commencement  of  any  systematic  collection  of  information  (whether  by  printed  or 
electronic  form  or  verbal  questioning)  from  more  than  ten  members  of  the  public.  The  PRA  also 
requires  the  inclusion  of  that  OMB  control  number  on  the  form  itself,  and  requires  other 
specified  notices  to  each  individual  from  whom  information  is  to  be  collected. 
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The  Privacy  Act  requires  promulgation  of  a  System  Of  Records  Notice  (SORN) 
describing  what  data  is  to  be  collected  from  what  sources,  and  how  it  is  to  be  used,  and  makes  it 
a  criminal  offense  to  maintain  a  system  of  records  about  individuals  without  first  doing  so. 

The  APA  requires  public  notice  and  an  opportunity  to  comment  on  proposed  regulations 
before  they  are  finalized. 

In  2008,  when  the  TSA  implemented  the  "procedures"  involving  the  first  version  of  Form 
415,  and  the  additional  associated  collection  of  information,  the  TSA  did  none  of  these  things. 

Rather  than  operate  in  accordance  with  the  law,  here's  what  the  TSA  actually  did: 

Following  its  standard  operating  procedure  of  rulemaking-by-press-release,  the  TSA 
announced  changes  to  "Airport  ID  Requirements"  on  its  website  on  June  5,  2008. 9  These  were 
stated  as  "requirements",  which  would  imply  either  statutory  requirements  or  regulations  adopted 
through  notice-and-comment  rulemaking  pursuant  to  statutory  authority.  But  neither  the  press 
release  on  the  TSA  website  nor  the  subsequent  TSA  blog  posts10  about  these  new  purported 
"requirements"  cited  to  any  current  or  proposed  regulations  or  statutory  authority. 

Hundreds  of  public  comments  were  posted  in  the  TSA  blog  in  response  to  these  blog 
posts,  and  many  more  comments  were  submitted  to  the  TSA  though  its  blog,  but  not  published. 

Since  the  only  notice  of  the  new  ID  "requirements"  provided  by  the  TSA  was  on  its 
website  and  in  its  blog,  and  since  the  only  opportunity  provided  for  public  comment  was  on  that 
blog,  the  complete  record  of  comments  on  this  topic  submitted  to  the  TSA  blog  -  including  those 

9  "TSA  Announces  Enhancements  to  Airport  ID  Requirements  to  Increase  Safety",  June  5,  2008, 
<http://www.tsa.gov/press/happenings/enhance_id_requirements.shtm>,  archived  at  <http://web.archive.org/ 
web/20080610051740/http://www.tsa.gov/press/happenings/enhance_id_requirements.shtm> 

10  "New  ID  Requirements  Begin  Tomorrow",  June  20,  2008, 
<http://www.tsa.gov/blog/2008/06/new-id-requirements-begin-tomorrow.html>;  "New  ID  Requirements:  The 
First  48",  June  23,  2008,  <http://www.tsa.gov/blog/2008/06/new-id-requirements-first-48.html>;  "ID  Update 
and  Word  on  the  Blog",  June  27,  2008,  <http://www.tsa.gov/blog/2008/06/id-update-and-word-on-blog.html>; 
all  archived  at  <http://web.archive.Org/web/20080630050739/http://www.tsa.gov/blog>. 
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that  weren't  published  -  is  part  of  the  administrative  record  of  this  rulemaking  which  should  be 
made  public  and  submitted  to  OMB  for  consideration. 

Notwithstanding  the  absence  of  statutory  authority,  rulemaking,  or  rules,  the  TSA  and  its 
contractors  began  asking  selected  air  travelers  to  complete  the  form  later  known  as  TSA  Form 
415,  and  collecting  additional  information  verbally  from  them,  on  June  21,  2008." 

On  information  and  belief  -  based  on  published  incident  reports12,  unpublished  reports 
provided  to  the  Identity  Project,  and  TSA  reports  disclosed  to  the  Identity  Project  (and  discussed 
further  below),  in  most  or  all  cases  when  a  traveler  is  asked  or  required  to  complete  Form  415  or 
its  unnumbered  predecessor  form(s),  the  traveler  is  also  asked  a  selection  of  questions  from  a 
standard  list,  the  answers  to  which  are  compared  with  records  from  a  commercial  data  broker.11 

The  day  the  TSA  began  using  this  form,  June  21,  2008,  the  Identity  Project  requested  "a 
copy  of  TSA’s  new  identification  requirement  and  all  documents  relating  to  it,"  pursuant  to  the 
Freedom  Of  Information  Act  (FOIA),  and  requested  expedited  processing  of  that  request.14 


11  See,  "First  Reports  Of  What  It’s  Like  Flying  Without  ID  Arrive",  June  24,  2008, 
<https://papersplease.org/wp/2008/06/24/first-reports-of-what-it%e2%80%99s-like-flying-without-id-arrive/>. 
What  we  believe  to  be  the  first  version  of  the  form  later  known  as  TSA  Form  415  was  first  published  by  the 
Identity  Project  on  our  website  on  July  28,  2008,  at 

<https://papersplease.org/wp/2008/07/28/dhs-ignores-omb-government-approval-process-on-tsa 
%e2%80%99s-questionnaire-form-for-travelers-without-id/>  and  as  part  of  a  blog  post  the  same  day,  "DHS 
Ignores  OMB  Government  Approval  Process  on  TSA’s  Questionnaire  Form  for  Travelers  Without  ID",  July  28, 
2008,  <https://papersplease.org/wp/2008/07/28/dhs-ignores-omb-government-approval-process-on-tsa 
%e2%80%99s-questionnaire-form-for-travelers-without-id/>.  So  far  as  we  know,  no  version  of  Form  415  or  of 
any  of  its  unnumbered  predecessor(s)  has  ever  been  published  by  the  TSA. 

12  See  e.g.  "First  Reports  Of  What  It’s  Like  Flying  Without  ID  Arrive",  June  24,  2008, 
<https://papersplease.org/wp/2008/06/24/first-reports-of-what-it’s-like-flying-without-id-arrive/>. 

13  See,  "Accurint  exposed  as  data  broker  behind  TSA  'ID  verification"',  November  9,  2015, 
<https://papersplease.org/wp/2015/ll/09/accurint-exposed-as-data-broker-behind-tsa-id-verification/>.  An 
identity  thief  familiar  with  the  data  broker's  records  pertaining  to  an  individual  would  typically  be  better  able  to 
tell  the  TSA  or  TSA  contractors  what  the  data  broker's  file  alleges  than  would  the  actual  individual,  who 
probably  has  never  seen  the  data  broker's  records  and  has  no  idea  what  inaccurate  allegations  they  contain. 

14  FOIA  request  later  assigned  request  number  TSA08-0723, 
<https://papersplease.org/wp/wp-content/uploads/2008/06/tsafoiareq62108_final.pdf>,  discussed  in  and  linked 
from  blog  post,  "TSA  Changes  Airport  ID  Requirement;  ID-Less  Could  Be  Denied  Right  to  Fly",  June  23,  2008, 
<https://papersplease.org/wp/ 

2008/06/23/tsa-changes-airport-id-requirement-id-less-could-be-denied-right-to-fly/>. 
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Despite  the  FOIA  deadline  and  the  request  for  expedited  processing,  the  TSA  did  not 
produce  any  responsive  documents  until  more  than  six  months  later.  On  January  12,  2009,  the 
TSA  provided  us  with  five  redacted  pages  of  excerpts  from  the  TSA  "Screening  Management 
SOP",  Revision  3,  May  28,  2008  (Implementation  Date:  June  30,  2008),  "Appendix  2:  Travel 
Document  and  ID  Checks".15  Notably,  the  TSA's  response  to  this  FOIA  request  did  not  include 
any  version,  even  in  redacted  form,  of  the  form  later  known  as  TSA  Form  415,  even  though  the 
form  was  clearly  responsive  to  our  request  for  all  "documents  relating  to"  the  ID  requirement  and 
could  not  plausibly  be  claimed  to  be  exempt,  in  its  entirety,  from  disclosure  pursuant  to  FOIA. 
There  was  no  mention  in  these  records  of  any  request  for  OMB  approval  for  this  form.16 

On  January  31,  2011,  we  made  another  request,  pursuant  to  FOIA,  for  "the  most  recent 
version  of  the  document"  later  known  as  TSA  Form  415  and  "any  records  related  to  requests  for 
approvals  of  this  form  by  OMB,  any  OMB  control  number  assigned  to  any  version  of  this  form, 
or  the  potential  need  for  such  approval."17 

This  time,  the  TSA  delayed  responding  for  even  longer,  more  than  two  years.  Finally,  on 
May  9,  2013,  the  TSA  disclosed  a  version  of  one  side  of  "TSA  Form  415,  August  2008  [File: 
400.7.2]",  with  no  OMB  control  number  or  PRA  notice,  and  51  redacted  pages  of  email 
messages,  some  of  them  discussing  Form  415  as  a  two-sided  form  although  no  portion  of  any 
version  of  the  back  side  of  the  form  was  disclosed.18 


15  Later  published  at  <http://www.papersplease.org/wp/wp-content/uploads/2009/05/tsa_id_sop.pdf>,  linked  from 
and  discussed  in  blog  post,  "TSA  releases  (censored)  ID  checking  procedures",  May  26,  2009, 
<https://papersplease.org/wp/2009/05/26/tsa-releases-censored-id-checking-procedures/>. 

16  See  discussion  of  this  and  other  requirements  in  our  blog,  "TSA  'identity  verification’  procedures",  July  8,  2008, 
<https://papersplease.org/wp/2008/07/08/tsa-identity-verification-procedures/>. 

17  Later  designated  as  FOIA  request  TSA11-0344. 

18  Form  415  at  <http://papersplease.org/wp/wp-content/uploads/2013/05/tsa-form-415.pdf>;  FOIA  response  at 
<https://papersplease.org/wp/wp-content/uploads/2013/05/tsall-0344-response-9may2013.pdf>,  linked  from 
and  discussed  in  blog  post,  "TSA  never  got  OMB  approval  for  ’Certification  of  ID’  (Form  415)",  May  29,  2013, 
<https://papersplease.org/wp/2013/05/29/tsa-never-got-omb-approval-for-certificate-of-id-form-415/>. 
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One  of  the  email  messages  included  in  that  response  to  our  FOIA  request  was  from 
"OIMP  Director"  (sender  and  recipient  email  addresses  redacted),  dated  February  10,  2011,  and 
was  apparendy  sent  in  response  to  our  FOIA  request.  The  "Subject:"  header,  unredacted,  was 
"Re:  3600  -  FOIA,  Request  TSA11-0344  (REPLY/NOTICE)". 

This  message19  stated: 

Relative  to  TSA  Form  415,  Certification  of  Identity,  indications  were  the 
form  was  to  be  completed  by  TSA  officials  via  phone  collection  rather  than  issued  to 
persons  to  complete.  Consequently,  it  was  understood  that  Paperwork  Reduction  Act 
(PRA)  was  not  applicable  and  OSO,  as  the  requesting  office,  did  not  request  PRA 
(OMB  submission). 

For  questions  re:  PRA,  pis  contact  OIT's  [redacted],  TSA  PRA  Officer. 

It's  obvious  by  inspection  of  the  form  that  no  competent  person  who  had  seen  the  form 
could  have  made  this  statement  in  good  faith.  Every  version  of  the  form  has  had  a  line  for  the 
signature  of  the  individual  traveler,  and  it  is  not  credible  that  anyone  believed  that  "TSA  officials 
via  phone  collection"  were  expected  to  sign  the  form  in  the  name  of  the  traveler. 

To  summarize  this  history,  the  current  notice  of  TSA  intent  to  seek  OMB  approval  for 
continued  use  of  TSA  Form  415  comes  after  many  years  of  TSA  withholding  of  the  form  itself 
and  the  policies  (if  any)  related  to  its  use,  even  when  they  were  specifically  requested;  failure  to 
provide  public  notice  or  opportunity  for  public  comment  on  these  "requirements";  and  failure  to 
submit  any  version  of  this  form  for  OMB  approval,  even  when  that  was  considered  and  when 
multiple  versions  of  the  (unapproved)  form  had  been  in  use  for  many  years. 


19  Available  at  <https://papersplease.org/wp/wp-content/uploads/2013/05/tsa-form-415-omb.pdf>,  linked  from  and 
discussed  in  blog  post  cited  in  Note  11,  supra. 
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VI.  THE  CURRENT  USE  OF  FORM  415  AND  THE  ADDITIONAL  ASSOCIATED 
INFORMATION  COLLECTION  VIOLATE  THE  PAPERWORK  REDUCTION  ACT. 

The  Paperwork  Reduction  Act,  44  USC  §  3507  (a)(1),  provides  that,  “An  agency  shall 
not  conduct  or  sponsor  the  collection  of  information  unless  in  advance  of  the  adoption  or 
revision  of  the  collection  of  information,  (1)  the  agency  has”  carried  out  a  series  of  steps,  none  of 
which  have  yet  been  taken  with  respect  to  TSA  Form  415,  “(2)  the  Director  [of  OMB]  has 
approved  the  proposed  collection  of  information  ... ;  and  (3)  the  agency  has  obtained  from  the 
Director  a  control  number  to  be  displayed  upon  the  collection  of  information.” 

The  PRA  further  provides  that,  “Notwithstanding  any  other  provision  of  law,  no  person 
shall  be  subject  to  any  penalty  for  failing  to  comply  with  a  collection  of  information  that  is 
subject  to  this  chapter  if  -  (1)  the  collection  of  information  does  not  display  a  valid  control 
number  assigned  by  the  Director  [of  OMB]  in  accordance  with  this  chapter;  or  (2)  the  agency 
fails  to  inform  the  person  who  is  to  respond  to  the  collection  of  information  that  such  person  is 
not  required  to  respond  to  the  collection  of  information  unless  it  displays  a  valid  control 
number.”  (44  USC  §  3512) 

The  TSA  is  an  agency  subject  to  the  PRA.  Freedom  of  travel  is  a  right,  and  denial  or 
interference  with  air  travel  by  common  carrier  is  clearly  a  “penalty”  within  the  meaning  of  this 
section  of  the  PRA. 

Each  time  since  2008  that  TSA  employees  or  contractors,  or  local  law  enforcement 
officers  relying  on  (false)  allegations  by  TSA  staff  or  contractors  that  completion  of  Form  415  or 
responses  to  additional  standardized  verbal  "ID  verification  questions"  were  “required”  by 
Federal  law  or  TSA  regulation  as  a  condition  of  passage,  have  delayed,  detained,  or  prevented  a 
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would-be  traveler  from  passing  through  a  TSA  or  contractor  checkpoint  or  boarding  a  common 
carrier  airline  flight,  they  have  acted  in  flagrant  violation  of  the  PRA  (in  addition  to  other  Federal 
statutes  and  Constitutional  and  human  rights  treaty  provisions). 

How  often  has  this  happened,  during  the  years  that  TSA  Form  415  and  the  associated 
verbal  information  collection  from  travelers  have  been  in  use?  We  don’t  know,  although  we  have 
made  diligent  efforts  to  find  out,  and  are  entitled  to  know. 

No  portion  of  the  administrative  record  that  should  have  been  considered  by  the  agency 
decision-maker  (and  which  it  would  be  arbitrary  and  capricious  not  to  have  considered),  made 
available  to  the  public  for  comment,  and  reviewed  by  OMB  and  any  eventual  reviewing  court, 
has  been  published  by  the  TSA.  As  with  TSA  Form  415  itself,  and  the  list  of  questions  used  for 
the  associated  verbal  information  collection,  records  of  the  actual  experience  of  use  of  TSA  Form 
415  and  the  associated  verbal  information  collection  have  been  made  available  to  the  public  only 
to  the  extent  that  they  have  been  obtained  and  posted  online  by  the  Identity  Project. 

Meaningfully  informed  agency  decision-making,  public  comment,  or  review  of  forms  and 
practices  that  have  been  engaged  in  since  2008  cannot  be  conducted  without  access  to  the 
agency's  records  of  those  many  years  of  agency  experience  and  its  impact  on  the  public.  These 
records  must  be  made  available  to  the  public  by  the  TSA,  and  an  opportunity  provided  for  the 
public  to  comment  on  them  and  use  them  as  the  basis  for  informed  comment  on  any  proposed 
rules  or  information  collection,  before  OMB  can  properly  review  or  approve  this  request. 

The  TSA's  May  9,  2013  response  to  our  FOIA  request  TSA-11-0344,20  included  an 
example  of  a  "TSOC  ID  Verification  Report".  On  June  14,  2013,  we  requested  all  records 
pertaining  to  any  such  report  "or  similar  log,  record,  report,  or  e-mail  message  indicating  the 
20  See  Note  10,  supra. 
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numbers  of  ID  checks,  numbers  of  ID  checks  resulting  in  a  'not  verified'  outcome,  or  numbers  of 
checks  resulting  in  a  'denied'  outcome,  including  but  not  limited  to  any  aggregated  reports  for 
these  quantities  over  any  time  periods,  any  guidelines  or  instructions  for  the  preparation  of  such 
reports  or  the  categorization  of  events  or  outcomes  for  reporting  purposes,  and  any  e-mail 
messages  mentioning  such  reports  or  reporting  protocols."21 

The  TSA  again  dragged  its  feet,  this  time  for  almost  two  years,  before  beginning  to 
respond.  We  received  a  first  (redacted  and  badly  munged)  interim  response  on  May  6,  2014. 
Three  and  a  half  years  after  we  made  our  request,  the  TSA  still  has  not  completed  its  response.22 

This  request  stated,  "With  respect  to  any  e-mail  messages  included  in  the  responsive 
records,  I  specifically  request  access  to  and  copies  of  the  complete  informational  content  of  the 
underlying  electronic  records,  in  their  full  and  complete  form  including  all  headers  and 
attachments,  fully  expanded  e-mail  addresses,  full  addresses  for  address  'aliases',  full  lists  for 
'distribution  list'  aliases,  and  all  related  metadata."  In  extensive  discussions  with  the  TSA  FOIA 
office  during  the  years  this  request  has  been  pending,  we  have  repeatedly  requested  that  access  to 


21  FOIA  request  later  designated  2013-TSFO-01016,  June  14,  2013, 
<https://papersplease.org/wp/wp-content/uploads/2013/06/  foia-tsoc-id-verify-report.pdf>,  linked  from  and 
discussed  in  blog  post,  "How  many  people  fly  without  ID?  How  many  are  denied  the  right  to  fly?",  June  14, 
2013,  <https://papersplease.org/wp/ 

2013/06/14/how-many-people-fly-without-id-how-many-are-denied-the-right-to-fly/>.  Copies  of  this  FOIA 
request  and  all  interim  responses  to  date  are  at  <https://archive.org/details/TSOC-ID-Verification-Reports>. 

22  The  TSA's  "Check  Status  of  [FOIA]  Request"  Web  page,  <https://www.dhs.gov/foia-status>  has  generally 
shown  a  date  one  month  in  the  future,  which  is  moved  back  each  month  by  another  month.  It  appears  to  be  a 
robotic  sham,  not  based  on  actual  estimates.  It's  often  completely  broken.  As  of  this  writing,  for  example,  it 
displays  the  following  "status"  information  and  expected  date  of  completion  of  agency  action  for  this  request: 

"The  number  you  entered  is  2013-TSFO-01016 
Request  Number:  2013-TSFO-01016 
Received  Date:  06/20/2013 
Request  Status:  Documents  Added 
Estimated  Delivery  Date:  12/27/2016 
Closed  Date: 

Check  performed  on  01/05/2017  12:12:22  AM  EST 
Status  information  is  current  as  of  01/04/2017" 

In  other  words,  the  "current"  TSA  estimate  is  that  its  response  will  be  completed  in  negative  one  week's  time. 
Estimates  of  the  TSA's  belief  in  its  ability  to  travel  backward  in  time  are  not  useful  to  FOIA  requesters. 
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and  copies  of  all  responsive  electronic  records  be  provided  in  their  native  form,  as  bitwise  copies 
of  the  records  as  found  on  digital  devices  or  storage  media. 

The  TSA  has  yet  to  provide  any  responsive  email  messages,  in  any  format. 

Instead  of  complying  with  the  requirement  of  the  FOIA  statute  to  produce  responsive 
records  in  any  format  in  which  they  are  requested  and  can  readily  be  reproduced  (it  is  obviously 
easier  to  to  reproduce  electronic  files  as  bitwise  digital  copies  than  in  any  other  format),  the  TSA 
appears  to  have  followed  the  following  munging  and  substitution  procedure:  (1)  Extract  each 
attached  file  and  separate  it  from  the  email  message,  (2)  view  the  extracted  file  in  an  application 
(such  as  a  word  processing  program,  spreadsheet  application,  etc.)  in  "print  view"  mode,  (3) 
capture  a  screenshot  image  of  each  "page"  of  the  "print  view"  of  the  file,  (4)  create  a  new  PDF 
file,  (5)  paste  the  screenshot  images  into  the  new  PDF  file,  in  random  (or  unexplained)  order,  and 
then  (6)  substitute  the  newly-created  PDF  image  file  for  the  underlying  electronic  records. 

This  procedure  strips  out  all  file  metadata,  and  replaces  text  and  tabular  data  with  images. 
It  obfuscates  the  structure  and  format  of  the  underlying  records,  and  greatly  complicates  the  task 
of  parsing,  tabulation,  or  statistical  analysis  of  the  records.  And  it  wastes  agency  time  and  effort, 
delaying  the  already  overdue  agency  response  to  the  FOIA  request.-’1 


23  The  TSA's  record  of  bad  faith,  delay,  failure  to  produce  records  in  the  requested  format,  and  substitution  of 
newly-created  (and  less  useful)  records  for  responsive  records  should  be  assessed  in  the  context  of  the  TSA's 
record  of  personal  animus  and  actual  malice,  explicitly  stated  in  writing  in  the  TSA's  own  records  (obtained  and 
published  by  the  Identity  Project)  toward  individuals  associated  with  the  Identity  Project  and  these  requests.  See 
"How  the  TSA  treats  FOIA  requesters  it  doesn’t  like",  September  5,  2013,  and  documents  linked  from  that 
article  including  libelous  email  message  to  staff  of  the  TSA  FOIA  office  from  TSA  Privacy  Officer  Peter  Pietra, 
December  17,  2009,  <https://papersplease.org/wp/wp-content/uploads/2013/09/pietra-17dec2009.png>  and  our 
appeal  of  the  TSA's  "response"  to  FOIA  request  TSA10-0676,  <https://ia601003.us.archive.Org/0/items/ 
TSA100676AppealAttach4SEP2013/TSA10-0676-appeal-attach-4SEP2013.pdf>. 
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Whatever  the  causes  for  the  TSA's  delay  and  failure  to  date  to  properly  process  and 
respond  to  this  FOIA  request,  the  comment  period  should  be  extended  until  at  least  60  days  after 
the  completion  of  this  response,  including  any  administrative  appeal  and/or  judicial  review. 

While  the  administrative  record  available  to  us  for  review  and  comment  is  incomplete, 
the  redacted  and  munged  fragments  disclosed  to  date  by  the  TSA  provide  significant  clues  as  to 
the  nature,  scope,  and  inappropriateness  of  the  ongoing  verbal  information  collection 
("administrative  interrogation")  of  travelers  by  the  TSA. 

Although  the  TSA  has  never  sought  -  and  even  now  is  not  explicitly  seeking  -  OMB 
approval  for  this  verbal  information  collection,  OMB  approval  was  and  still  is  required. 

The  PRA  explicitly  applies  to  all  information  collection,  "regardless  of  form  or  format": 

[T]he  term  “collection  of  information”  ...  means  the  obtaining,  causing  to  be 
obtained,  soliciting,  or  requiring  the  disclosure  to  third  parties  or  the  public,  of  facts 
or  opinions  by  or  for  an  agency,  regardless  of  form  or  format,  calling  for  ...  answers 
to  identical  questions  posed  to,  or  identical  reporting  or  recordkeeping  requirements 
imposed  on,  ten  or  more  persons,  other  than  agencies,  instrumentalities,  or 
employees  of  the  United  States.24 

It  appears  from  the  TSA  records  disclosed  to  date  that  identical  questions  have  been 
posed  to  ten  or  more  individuals  by  TSA  staff  and  contractors,  including  without  limitation:25 

1.  Names  of  Other  Residents  at  Address? 

2.  Neighbor’s  Names? 

3.  Names  of  Associates 

4.  Phone  Number? 

5.  Judicial  District? 


24  44  U.S.  Code  §  3502(3)(A). 

25  See,  "How  does  the  TSA  decide  if  you  are  who  you  say  you  are?",  June  9,  2016, 
<https://papersplease.org/wp/2016/06/09/how-does-the-tsa-decide-if-you-are-who-you-say-you-are/>. 
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6.  County  of  Residence? 

7.  Previous  County  of  Residence? 

8.  Previous  Address? 

9.  Other  States  of  Residence? 

10.  Company  Worked? 

11.  Name  of  Past  Employer? 

12.  Employment  History? 

13.  Sporting  License? 

14.  Recreational  License? 

15.  Mother’s  Middle  Name  and  DOB? 

16.  Mother’s  Occupation? 

17.  Father’s  Name  and  DOB? 

18.  Names  of  Relatives? 

19.  Relative’s  Dates  of  Birth? 

20.  City  of  Relative’s  Residence? 

21.  Vehicles  Registered? 

22.  Mother’s  Vehicles? 

23.  Relative’s  Motor  Vehicle  Information? 

24.  Make  and  Model  of  Vehicle? 

Being  unable  or  unwilling  to  answer  each  of  the  questions  above,  or  providing  answers 
that  the  TSA  considered  inconsistent  with  the  (unverified,  "garbage  in,  garbage  out")  data 
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provided  by  the  commercial  data  broker  Accurint,  is  cited  in  TSA  ID  Verification  Call  Center 
reports  as  having  been  the  basis  for  denial  of  passage  through  TSA  or  contractor  checkpoints. 

It  would  be  premature  and  impermissible  for  OMB  to  approve  this  ongoing  unlawful 
verbal  information  collection  unless  and  until  it  is  properly  submitted  for  approval.  That  request 
should  include  a  complete  list  of  the  standard  questions  proposed  to  be  asked.  But  on  its  face, 
the  list  above  strongly  suggests  an  entirely  inappropriate  and  overbroad  program  of  interrogation, 
with  no  relationship  to  or  likely  utility  -  much  less  necessity  -  for  any  lawful  TSA  function. 

VII.  THE  TSA  GREATLY  UNDERESTIMATES,  WITHOUT  ADEQUATE 
FOUNDATION,  THE  BURDEN  OF  THE  PROPOSED  INFORMATION 
COLLECTION. 

According  to  the  notice: 

TSA  estimates  that  approximately  191,214  passengers  will  complete  the  TSA  Form 
415  annually.  TSA  estimates  each  form  will  take  approximately  three  minutes  to 
complete.  This  collection  would  result  in  an  annual  reporting  burden  of  9,561  hours. 

The  notice  gives  no  indication  whatsoever  of  the  basis  for  these  estimates,  the  manner  in 
which  they  were  calculated  or  derived,  or  the  evidence  (if  any)  supporting  them.26 

As  noted  above,  the  claim  that  this  is  a  “new”  information  collection  strongly  suggests 
that  the  agency  personnel  preparing  the  notice  were  unaware  that  this  information  collection  has 
been  going  on  for  more  than  eight  years,  or  of  the  records  of  this  extensive  experience. 

Especially  in  the  absence  of  any  other  disclosed  basis  for  these  estimates,  they  should  be  given 
little  deference  if  they  were  prepared  by  personnel  unfamiliar  with  the  extensive  existing  records. 

26  We  find  it  especially  odd  that  an  estimate  presented  entirely  without  supporting  evidence  or  a  description  of  the 
estimating  methodology  is  specified  to  a  precision  of  six  significant  digits. 
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As  discussed  above,  many  of  those  those  records  -  which  include  more  than  eight  years 
of  reports  to  TSA  headquarters  records  of  the  duration,  to  the  minute,  of  each  incident  in  which  a 
traveler  is  required  to  complete  TSA  Form  415  -  have  been  unlawfully  withheld  from  us  despite 
having  been  requested  more  than  three  years  ago  pursuant  to  FOIA. 

However,  the  records  that  have  been  disclosed  by  the  TSA  to  date  in  partial  response  to 
our  FOIA  request27  suggest  that  the  TSA’s  estimate  of  three  minutes  per  incident  is  far  too  low. 

As  discussed  above,  part  of  the  process  of  “completing”  Form  415  is  responding  to  a  series  of 
questions  posed  by  telephone  by  personnel  at  the  TSA  ID  Verification  Call  Center.21*  The  TSA 
has  provided  no  estimate  of  the  average  time  to  complete  this  verbal  information  collection. 

Based  on  review  of  the  TSOC  ID  Verification  Reports  released  by  the  TSA  to  date,  we  believe 
that  the  average  time  per  incident  required  to  complete  the  entire  information  collection, 
including  the  verbal  information  collection  and  the  written  TSA  Form  415,  is  closer  to  thirty 
minutes  than  three  minutes. 

It  is  also  clear  from  the  TSOC  ID  Verification  Reports  released  by  the  TSA  to  date  that 
the  TSA’s  estimate  of  191,214  is  so  much  higher  than  the  number  of  individuals  currently  being 
required  to  complete  this  form  that  it  cannot  have  been  based  on  these  records  or  past  experience. 

Currently,  the  TSA  requires  any  traveler  who  does  not  present  ID  credentials  the  TSA 
deems  “acceptable”  to  complete  TSA  Form  415  and  respond  to  verbal  information  collection. 

How  many  travelers  is  that  likely  to  be?  The  current  number  is  much  less  than  191,214 
per  year.  The  only  clue  as  to  why  that  might  change  is  the  following  statement  in  the  notice: 

27  This  request  and  all  interim  responses  to  date  are  at  <https://archive.org/details/TSOC-lD-Verification-Reports>. 

28  Sometimes  checkpoint  staff  hand  the  phone  to  the  traveler  and  have  the  traveler  speak  directly  with  IVCC 
personnel.  Sometimes  checkpoint  staff  play  a  game  of  “telephone”  and  relay  questions  and  answers  back  and 
forth  between  the  IVCC  and  the  traveler,  creating  a  risk  that  errors  in  restatement  will  lead  to  denial  of  travel. 
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TSA  will  begin  implementing  the  REAL  ID  Act  at  airport  security  screening 
checkpoints  on  January  22,  2018.  Starting  on  that  day,  TSA  will  not  accept 
state-issued  driver’s  licenses  and  other  state-issued  identification  cards  from  states 
that  are  not  compliant  with  REAL  ID  Act  requirements  unless  DHS  has  granted  the 
state  a  temporary  extension  to  achieve  compliance. 

If  the  TSA  does  not  accept  driver’s  licenses  or  ID  cards  issued  by  states  that  are  not 
compliant  with  REAL-ID  Act  requirements,  all  air  travelers  presenting  driver’s  licenses  or  ID 
cards  issued  by  those  states  will  be  required  to  complete  Form  415  and  answer  IVCC  questions. 

We  can  only  guess  that  the  TSA’s  estimate  is  somehow  derived  from  its  political 
prediction  of  which  states  will  eventually  comply  with  the  REAL-ID  Act. 

But  current  and  historical  numbers  suggest  that  the  TSA’s  estimate  of  likely  state 
noncompliance  with  the  REAL-ID  is  far  too  low.  That  estimate  probably  reflects  wishful  agency 
thinking  about  a  hoped-for,  but  unlikely,  reversal  of  the  public  sentiment  reflected  in  state  policy. 

More  than  a  decade  after  the  enactment  of  the  REAL-ID  Act,  at  most  twelve  of  55  U.S. 
jurisdictions  (states,  U.S.  territories,  and  the  District  of  Columbia)  might  be  compliant. 

One  of  the  statutory  elements  of  the  REAL-ID  Act  is  that  each  state  that  issues  any 
compliant  driver’s  licenses  or  ID  cards  must,  “Provide  electronic  access  to  all  other  States  to 
information  contained  in  the  motor  vehicle  database  of  the  State”  including,  “at  a  minimum  — 
(A)  all  data  fields  printed  on  drivers’  licenses  and  identification  cards  issued  by  the  State;  and  (B) 
motor  vehicle  drivers’  histories,  including  motor  vehicle  violations,  suspensions,  and  points  on 
licenses.”29 

The  only  system  currently  available,  under  development,  or  reasonably  foreseeable  as 
enabling  compliance  with  this  provision  of  the  REAL-ID  Act  is  the  “State-to-State”  (S2S) 
system  operated  by  the  American  Association  of  Motor  Vehicle  Administrators  (AAMVA).  S2S 

29  Real  ID  Act,  Title  II,  Section  202(d)(12),  available  at  <https://www.dhs.gov/xlibrary/assets/real-id-act-text.pdf>. 
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includes  the  national  “State  Pointer  Exchange  System”  (SPEXS).  SPEXS  is  the  centralized, 
privatized,  outsourced  national  ID  database  which  includes  information  about  each  and  every 
driver’s  license  or  ID  issued  by  any  compliant  state.30 

According  to  AAMVA,  the  first  state  to  participate  in  S2S  was  Wisconsin  in  20 15.31  Only 
a  total  of  twelve  states  currently  participate  in  S2S.32  Since  no  state  not  participating  in  S2S  has 
any  other  way  to  comply  with  the  database  access  requirement  of  the  REAL-ID  Act,  at  most 
those  twelve  states  -  not  including  any  of  the  most  populous  states  -  are  currently  compliant. 

Many  of  the  remaining  states  are  barred  by  state  constitutional  provisions  and/or  state 
statutes  from  uploading  their  state  ID  databases  to  SPEXS  or  otherwise  complying  with  the 
REAL-ID  Act.  Public  sentiment  remains  opposed  to  a  national  ID  card  or  national  ID  database. 

In  light  of  the  low  compliance  more  than  a  decade  after  the  enactment  of  the  REAL-ID 
Act  of  2005,  we  expect  that  the  majority  of  jurisdictions  are  likely  to  remain  nonparticipants  in 
SPEXS,  and  thus  noncompliant  with  the  REAL-ID  Act,  a  year  from  now  on  the  TSA’s 
self-imposed  “deadline”  of  January  22,  2018.  Because  those  are  likely  to  continue  to  include 
most  of  the  most  populous  states,  we  expect  that  at  least  75%  of  U.S.  air  travelers  as  of  that  date 
will  continue  to  be  residents  of  noncompliant  states.  And  even  if  we  assume  that  one-third  of 
them  will  present  a  passport  or  some  other  Federally-issued  ID,  that  would  still  mean  that 
roughly  half  of  all  air  travelers  would  be  residents  of  noncompliant  states  with  no  “acceptable” 
ID.  All  of  these  travelers  would  be  required  to  complete  Form  415  and  answer  IVCC  questions. 

30  See,  “How  the  REAL-ID  Act  is  creating  a  national  ID  database”,  February  11,  2016, 
<https://papersplease.org/wp/2016/02/ll/how-the-real-id-act-is-creating-a-national-id-database/>. 

31  Email  to  the  Identity  Project  quoted  in  ‘The  real  state  of  compliance  with  the  REAL-ID  Act”,  February  24, 

2016,  <https://papersplease.org/wp/2016/02/24/the-real-state-of-compliance-with-the-real-id-act/ 

32  AAMVA,  “State  to  State  (S2S)  Verification  Services:  Jurisdictions’  S2S  Testing  &  Implementation  Current 
Status”,  <http://www.aamva.0rg/State-t0-State/#Participati0n>,  accessed  January  6,  2017. 
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In  2015,  the  most  recent  year  for  which  data  has  been  released,  the  TSA  “screened”  708 
million  travelers.33  If  half  of  them  have  no  acceptable  ID  and  consequently  are  subjected  to  this 
information  collection,  that  would  be  about  350  million  people  a  year.  And  if  answering  the 
IVCC  questions  and  filling  out  Form  415  takes  about  thirty  minutes  per  person,  the  total  annual 
burden  of  the  proposed  information  collection  would  be  about  175  million  hours. 

That’s  obviously  unrealistic.  The  real  burden  of  this  proposal  is  that  it  would  create  such 
long  delays  at  TSA  checkpoints  as  to  effectively  shut  down  the  U.S.  air  transportation  system.  It 
should  be  assessed  by  OMB,  and  by  the  public,  on  that  basis. 

The  TSA  will  undoubtedly  say  that  this  won’t  happen  because  residents  of  noncompliant 
states  who  don’t  present  Federally-issued  ID  will  simply  be  turned  away  from  airports.  But  as 
discussed  in  Part  III  of  these  comments  above,  there  is  no  statutory  or  regulatory  basis  for  such 
TSA  denial  of  access  to  travel  by  air. 


VIII.  THE  CURRENT  AND  PROPOSED  VERBAL  AND  WRITTEN 
INFORMATION  COLLECTION  FROM  TRAVELERS  VIOLATES  THE  PRIVACY 
ACT. 

The  Privacy  Act ,  5  U.S.  Code  §  552a  (e)(7),  provides  that  each  agency  shall,  "maintain 
no  record  describing  how  any  individual  exercises  rights  guaranteed  by  the  First  Amendment 
unless  expressly  authorized  by  statute  or  by  the  individual  about  whom  the  record  is  maintained 
or  unless  pertinent  to  and  within  the  scope  of  an  authorized  law  enforcement  activity." 


33  Press  release,  “TSA  releases  2015  statistics”,  January  21,  2016, 

<https://www.tsa.gov/news/releases/2016/01/21/tsa-releases-2015-statistics>. 
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As  discussed  above,  records  of  how,  when,  and  where  we  travel  are,  per  se,  records  of 
how  we  exercise  the  right  to  assemble  (however,  whenever,  and  wherever  we  choose)  guaranteed 
by  the  First  Amendment.  In  addition,  many  of  the  questions  listed  above  (which  we  only  know 
about  because  records  were  maintained  by  the  TSA  of  who  was  asked  these  questions,  whether 
they  answered,  and  whether  their  answers  were  deemed  "acceptable")  pertain  to  how  individuals 
exercise  rights  of  assembly,  association,  and  other  rights  protected  by  the  First  Amendment. 
Questions  asked  of  would-be  travelers  such  as  "Names  of  Associates?"  clearly  implicate  the  right 
to  freedom  of  association,  as  do  others  of  they  questions  mentioned  in  these  records. 

Questioning  by  TSA  staff  and  contractors  is  an  administrative  interrogation,  not  a  law 
enforcement  function.34  Neither  most  TSA  checkpoint  staff  nor  TSA  contractors  are  law 
enforcement  officers.  So  this  record-keeping  cannot  be  justified  under  the  second  fork  of  the 
Privacy  Act  test  as,  "within  the  scope  of  an  authorized  law  enforcement  activity,"  even  if  these 
questions  were  pertinent  to  such  a  purpose,  which  on  their  face  they  do  not  appear  to  be. 

The  maintenance  of  these  records  would  thus  be  permissible  under  the  Privacy  Act  only  if 
it  was  "expressly  authorized  by  statute".  But  whatever  strained  theory  of  implicit  authorization 
the  TSA  may  try  to  construct,  this  record-keeping  is  not  explicitly  authorized  by  any  statute. 


34  It's  not  clear  what,  if  any,  authority  might  exist  for  "administrative  interrogation".  Case  law  on  administrative 
searches  invariably  assumes  that  those  individuals  subjected  to  administrative  searches  have  the  absolute  right  to 
stand  mute.  In  the  only  cases  of  which  we  are  aware  that  have  upheld  administrative  interrogation  at 
drunk-driving  or  immigration  checkpoints,  these  have  been  upheld  only  on  the  basis  that  individuals  were  not 
required  to  respond  to  any  such  questions,  and  must  be  allowed  to  proceed  after  only  a  brief  belay  in  the  absence 
of  evidence  -  independent  of  their  silence  -  sufficient  to  support  a  law  enforcement  detention  or  arrest.  We  are 
aware  of  no  case  law  upholding  compelled  responses  to  administrative  interrogation  by  the  TSA  or  its 
contractors,  or  the  denial  of  passage  by  common  carrier  or  imposition  of  other  penalties  for  non-response. 
Statutory  authority  for  “screening”  is  neither  a  general  warrant  for  search  nor  a  general  subpoena  for  testimony. 
The  obligation  of  travelers  to  submit  to  “screening”  cannot  validly  be  construed  as  an  obligation  to  submit  to 
any  search  or  respond  to  any  interrogatories  declared  by  the  TSA  or  checkpoint  staff  to  constitute  “screening”. 
This  proceeding  is  not  a  rulemaking,  but  these  issues  would  need  to  be  addressed  in  the  rulemaking  if  the  TSA 
were  to  propose  rules  that  would  require  travelers  to  respond  to  administrative  interrogatories. 
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There  is  nothing  in  Federal  statutes  authorizing  the  TSA  to  identify  travelers,  much  less 

explicitly  authorizing  the  keeping  of  records  pertaining  to  travelers'  identities. 

Indeed,  it  has  been  the  consistent  and  explicit  (and  correct)  position  of  the  TSA  itself, 

whenever  the  issue  has  arisen  in  litigation,  that  no  Federal  statute  or  TSA  regulation  requires 

travelers  to  have  or  display  and  ID  credentials  in  order  to  pass  through  TSA  checkpoints. 

This  was  the  argument  made  by  the  TSA  in  Gilmore  v.  Gonzales.3,  It  was  the  TSA’s  own 

argument,  and  the  evidence  submitted  by  the  TSA  itself,  ex  parte  and  under  seal,  which 

persuaded  the  9th  Circuit  Court  of  Appeals  that  Mr.  Gilmore  could  have  flown  with  no  ID  as  a 

“selectee”36  if  he  submitted  to  more  intrusive  search.  That  factual  finding  that  TSA  policy  and 

practice  would  have  allowed  Mr.  Gilmore  to  fly  without  ID  was  critical  to  the  Court’s  decision 

that  Mr.  Gilmore’s  Constitutional  right  to  travel  had  not  been  violated. 

This  was  also  the  testimony  under  oath  of  a  TSA  “Lead  Checkpoint  Security  Officer” 

familiar  with  the  TSA’s  ID  procedures  in  the  criminal  trial  of  State  of  New  Mexico  v.  Phillip 

Mocek.37  “You  don’t  have  to  show  ID.  You  can  fly  without  ID.  We  have  a  procedure  for  that.” 

To  the  extent  that  the  TSA’s  notice  in  the  Federal  Register  explains  or  attempts  to  offer 

any  purported  justification  for  the  proposed  new  ID  requirement,  it  is  the  following: 

To  ensure  that  the  identity  verification  process  described  above  does  not  become  a 
means  for  travelers  to  circumvent  implementation  of  the  REAL  ID  Act,  TSA  is 
updating  the  process... 

This  is,  at  most,  an  argument  that  the  REAL-ID  Act  somehow  implicitly  authorizes  the 
TSA  to  impose  an  ID  requirement  to  fly.  It  does  not  point  to  any  explicit  statutory  authorization 

35  See  Notes  5-7,  supra,  and  accompanying  text. 

36  435  F.  3d  1125  at  1133  (2007). 

37  Criminal  Case  2573709,  Bernalillo  County  Metropolitan  Court.  No  transcript  of  the  trial  was  prepared.  Audio 
recordings  made  by  the  Identity  Project  with  the  permission  of  the  court  are  available  at 
<https://papersplease.org/wp/2011/01/24/audio-state-of-new-mexico-v-phillip-mocek/>. 
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for  such  an  ID  requirement  to  fly,  and  thus  fails  to  satisfy  the  requirements  of  the  Privacy  Act. 

This  statement  in  the  notice  also  fundamentally  misconstrues  the  REAL  ID  Act.38 

The  REAL-ID  Act  pertains  solely  to  which  ID  credentials  are  considered  acceptable  for 
Federal  purposes.  The  REAL-ID  Act  does  not  itself  impose  or  change  any  requirements  for 
when,  where,  or  for  what  purposes  ID  is  required.  The  REAL-ID  Act  contains  no  authorization 
for  the  TSA  or  any  other  agency  to  impose  new  ID  requirements. 

The  REAL-ID  Act  is  implicated  only  in  circumstances  in  which  other  valid  Federal 
statutes  or  regulations  require  acceptable  ID.  Neither  when  the  REAL-ID  Act  of  2005  was 
enacted,  nor  today,  does  any  statute  or  regulation  purport  to  impose  or  purport  to  authorize  the 
TSA  to  impose  any  such  requirement  for  air  travel. 

Circumvention  of  the  REAL-ID  Act  would  consist  of  passing  off  some  non-compliant  ID 
as  acceptable,  or  engaging  in  some  activity  that  requires  ID  -  like  operating  a  motor  vehicle,  and 
unlike  traveling  as  a  passenger  on  a  common  carrier  -  without  having  ID.  A  traveler  who  has  no 
ID,  or  who  does  not  present  any  ID,  is  not  representing  some  other  ID  as  being  compliant  with 
the  REAL-ID  Act,  or  as  acceptable  for  any  Federal  purpose.  Such  a  traveler  is  doing  nothing  to 
circumvent  the  REAL-ID  Act. 

In  the  absence  of  any  valid  statute  or  regulation  requiring  ID  to  fly,  the  REAL-ID  Act  is 
simply  not  implicated  by  air  travel  by  those  who  do  not  have,  or  do  not  chose  to  present,  any  ID. 

Flying  without  ID  is  a  lawful  everyday  activity.  Flying  without  ID  does  not  constitute 
circumvention  of  the  REAL-ID  Act  any  more  than  living,  working,  playing,  moving  from  place 
to  place,  or  engaging  in  any  other  activities  of  life  without  having  been  issued  or  being  in 


38  Public  Law  109-13,  Division  B  -  REAL  ID  Act  of  2005,  119  Stat.  231,  302-23  (May  11,  2005). 
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possession  of  ID  credentials  -  where  those  activities  are  not  subject  to  valid  ID  requirements  as  a 
condition  of  licensing  or  otherwise  -  constitutes  circumvention  of  the  REAL-ID  Act. 


IX.  CONCLUSION  AND  RECOMMENDATIONS 

The  TSA  should  withdraw  this  application.  If  it  does  not  do  so,  OMB  should  reject  it. 

And  the  TSA  should  cease  and  desist  from  any  attempt  to  require  ID  to  travel  by  common  carrier, 
or  to  claim  that  the  REAL-ID  Act  of  2005  or  any  other  Federal  statute  requires,  or  authorizes  the 
TSA  to  require,  that  air  travelers  have  or  provide  ID. 
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Respectfully  submitted, 

The  Identity  Project  (IDP) 
<http://www.PapersPlease.org> 

A  project  of  the  First  Amendment  Project 
1736  Franklin  St.,  9th  Floor 
Oakland,  CA  94612 

The  Cyber  Privacy  Project 
<http://www.cyberprivacyproject.org> 

_ IsL _ 

Edward  Hasbrouck, 

Consultant  to  IDP  on  travel-related  issues 

January  9,  2017 
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The  Cyber  Privacy  Project  (CPP)  submits  these  comments  in  response  to  the  notice  and 
request  for  comments,  “Intent  To  Request  Approval  From  OMB  of  One  New  [sic]  Public 
Collection  of  Information:  Certification  of  Identity  Form  (TSA  Form  4 15)”,  docket  number 
TSA-20 13-000 1-0075,  FR  Doc.  2016-26958,  published  at  81  Federal  Register  78624-78625 
(November  8,  2016). 

I.  INTRODUCTION 

“Big  Brother  in  the  fonn  of  an  increasingly  powerful  government  and  in  an  increasingly 
powerful  private  sector  will  pile  the  records  high  with  reasons  why  privacy  should  give  way  to 
national  security...” 

Justice  William  O.  Douglas 

Almost  50  years  ago,  Justice  William  O.  Douglas,  an  associate  just  of  the  Supreme  Court 
of  the  United  States  warned  us  of  the  potential  for  the  federal  government  to  impinge  on  our 
individual  privacy  rights.  With  any  policy  that  impinges  in  civil  liberties,  we  must  balance  the 
restriction  of  personal  liberties  with  the  benefit  of  increased  personal  safety.  In  this  case,  we 
believe  this  policy  goes  too  far. 

II.  ABOUT  THE  CYBER  PRIVACY  PROJECT 

A.  Cyber  Privacy  Project 

The  Cyber  Privacy  Project  (“CPP”)  is  a  non-partisan  organization  focusing  on 
governmental  intrusions  against  Fourth  and  Fifth  Amendment  rights  of  privacy,  particularly  in 
government  databanks  and  national  identification  schemes  for  voting,  travel  and  work,  and  on 
medical  confidentiality  and  patient  consent.  CPP  director  Richard  Sobel  is  a  scholar  of  identity 
issues,  has  authored  law  review  articles  on  the  subject,  and  was  an  amicus  with  Privacy  Activism 
in  Hiibel  v.  Sixth  Judicial  District  of  Humboldt  County,  542  U.S.  177.  (2004),  and  with  the 
Program  in  Psychiatry  and  Law  at  Harvard  Medical  School  in  Citizens  for  Health  v.  Leavitt ,  428 
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F.3d  167  (3d  Cir.  2005),cert.  denied,  127S.  Ct.  43  (Oct.  2,  2006).  He  has  taught  a  course  on  “The 
Supreme  Court  and  Privacy,”  including  identification  issues. 

B.  The  Constitutional  Alliance 

The  Constitutional  Alliance  is  an  organization  that  was  established  to  protect  citizens 
against  mandated  biometric  enrollment.  The  Constitutional  Alliance  recognizes  that  biometrics  is 
the  linchpin  of  a  surveillance  state  which  undermines  the  First,  Fourth,  and  Fifth  Amendments  to 
the  U.S.  Constitution.  The  Constitutional  Alliance  is  an  organization  comprised  of  state/national 
groups,  state  legislators,  ministries  and  private  citizens.  Mark  Lerner  is  the  Co-Founder  and 
Spokesperson  for  the  Constitutional  Alliance. 

III.  THE  REAL  ID  ACT  IS  UNLIKELY  TO  ACHIEVE  ITS  STATED  GOAL. 

The  TSA  states:  “Secure  driver's  licenses  and  identification  documents  are  a  vital 
component  of  the  Department  of  Homeland  Security's  (DHS's)  national  security  strategy.  In 
particular,  preventing  terrorists  from  obtaining  state-issued  identification  documents  is  critical  to 
securing  the  United  States  against  terrorism.” 

The  stated  goal  of  the  TSA  is  to  increase  the  nation’s  security  through  the  implementation 
of  the  REAL  ID  Act.  However,  there  is  no  logical  connection  between  the  use  of  the  “REAL  ID” 
for  domestic  travel  and  the  prevention  of  terrorist  activity. 

Given  the  low  probability  of  successfully  preventing  a  security  breech  through  Real  IDs 
as  opposed  to  more  effective  forms  of  intelligence  gathering  and  law  enforcement,  the  TSA  is 
impinging  upon  a  major  right  of  travelers. 


Cyber  Privacy  Project  and 
The  Constitutional  Alliance 


Comments  on  Certification  of  Identity  Form 
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IV.  THE  REAL  ID  ACT  VIOLATES  THE  CONSTITUTIONALLY  PROTECTED 
RIGHTS  OF  INDIVIDUALS  AS  WELL  AS  THE  STATES  THEMSELVES. 


The  Congressional  Research  Service  Report  of  2008  notes,  there  are  many  Constitutional 
issues  that  REAL  ID  raises:  10th  amendment,  federalism  and  anti-commandeering;  freedom  of 
travel,  religious  freedom  against  impose  of  digital  photographs,  and  unfunded  mandates  on  the 


states. 


A.  The  REAL  ID  Act  Violates  Individuals'  Rights. 

Chief  Justice  Melville  Fuller,  in  Williams  v.  Fears  (1900): 

"...  Undoubtedly,  the  right  of  locomotion,  the  right  to  remove  from  one  place  to  another 
according  to  inclination,  is  an  attribute  of  personal  liberty,  and  the  right,  ordinarily,  of  free  transit 
from  or  through  the  territory  of  any  State  is  a  right  secured  by  the  Fourteenth  Amendment  and  by 
other  provisions  of  the  Constitution.  ...” 

(U.S.  Constitution,  Amendment  1): 

"Congress  shall  make  no  law  ...  abridging  ...  the  right  of  the  people  peaceably  to  assemble" 
(Universal  Declaration  of  Human  Rights,  Article  13): 

"Everyone  has  the  right  to  freedom  of  movement  and  residence  within  the  borders  of  each  state. 
Everyone  has  the  right  to  leave  any  country,  including  his  own,  and  to  return  to  his  country." 

(United  Nations  Human  Rights  Committee,  General  Comment  No.  27): 

"Liberty  of  movement  is  an  indispensable  condition  for  the  free  development  of  a  person." 


The  mere  assertion  that  the  TSA  seeks  to  provide  additional  security  to  passengers  does 
not  provide  adequate  justification  for  abridgement  of  constitutional  rights  of  the  individual. 

B.  The  REAL  ID  Act  Violates  States’  Rights. 

(U.S.  Constitution,  Amendment  10): 

“The  powers  not  delegated  to  the  United  States  by  the  Constitution,  nor  prohibited  by  it  to  the 
States,  are  reserved  to  the  States  respectively,  or  to  the  people.” 


The  states  have  police  powers  granted  to  them  under  the  10lh  Amendment  of  the  U.S. 
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Constitution.  This  is  not  a  federal  power,  and  hence  the  TSA's  imposition  of  Real  ID 
requirements  unconstitutionally  violates  constitutional  principles  of  federalism  and  anti¬ 
commandeering. 

Additionally,  the  imposition  of  this  rule  by  the  TSA  would  amount  to  an  unfunded 
mandate  which  would  violate  the  Unfunded  Mandates  Reform  Act  which  was  approved  in  1995. 
V.  CONCLUSION 

In  short,  based  on  the  fact  that  the  REAL  ID  Act  is  unlikely  to  achieve  its  stated  goal,  that 
is  violates  the  constitutionally  protected  rights  of  individuals  as  well  as  the  states  themselves,  and 
saddles  the  state  governments  with  an  unfunded  mandate  at  a  time  when  most  state  governments 
cannot  afford  it,  this  proposal  should  be  denied  in  its  entirety. 

Respectfully  submitted, 

Cyber  Privacy  Project  (CPP) 

http://cvberprivacvproiect.org/ 

The  Constitutional  Alliance 

http://www.constitutionalalliance.org/ 


Ian  Sharping, 

Consultant  to  CPP  on  travel-related  issues 


January  9,  2017 
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TRANSPORTATION  SECURITY  ADMINISTRATION 

Intent  To  Request  Approval  From  OMB  of  One  New  Public  Collection  of  Information: 
Certification  of  Identity  Form  (TSA  Form  415) 

[Docket  No.  2016-26958] 

January  9,  2017 


By  notice  published  November  8,  2016  the  Transportation  Security  Administration 
(“TSA”)  requested  public  comments  regarding  the  agency’s  intent  to  request  approval  from  the 
Office  of  Management  and  Budget  (“OMB")  to  collect  information  for  a  certification  of  identity 
form  individuals  who  do  not  have  a  REAL  ID  that  the  DHS  has  deemed  a  “compliant”  form  of 
identification. 1  Pursuant  to  this  notice,  the  Electronic  Privacy  Information  Center  (“EPIC”) 
recommends  that  the  TSA  not  pursue  the  proposed  information  collection.  Several  states  still 
rightly  oppose  REAL  ID  precisely  because  of  the  massive  cost  and  the  privacy  concerns  arising 
from  the  excessive  collection  of  personal  information  by  the  federal  government.  The  TSA’s 
proposal  fails  to  address  the  underlying  privacy  objections  to  the  REAL  ID. 

EPIC  is  a  public  interest  research  center  in  Washington,  D.C.  EPIC  was  established  in 

'  Intent  To  Request  Approval  From  OMB  of  One  New  Public  Collection  of  Information:  Certification  of 
identity  Form  (TSA  Form  415),  81  Fed.  Reg.  78,623  (Nov.  8,  2016). 
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1994  to  focus  public  attention  on  emerging  privacy  and  human  rights  related  issues,  and  to 
protect  privacy,  the  First  Amendment,  and  constitutional  values.  EPIC  has  considerable  expertise 
analyzing  the  privacy  and  security  risks  attendant  to  the  design  and  implementation  of  REAL  ID. 
In  2007,  EPIC  filed  comments  on  behalf  of  leading  experts  in  privacy  and  technology  in 
response  to  the  draft  regulations  for  REAL  ID.2  At  the  time,  we  stated,  “REAL  ID  is 
fundamentally  flawed  because  it  creates  a  national  identification  system.  It  cannot  be  fixed  no 
matter  what  the  implementation  regulations  say.  Therefore,  the  REAL  ID  Act  must  be 
repealed.”3  EPIC  also  highlighted  the  privacy  and  security  risks  of  REAL  ID  as  part  of  the 
“Spotlight  on  Surveillance”  series.4  EPIC  also  testified  before  the  Department  of  Homeland 
Security’s  (“DUS”)  Data  Privacy  and  Integrity  Advisory  Committee  and  explained  that  the 
REAL  ID  draft  regulations  impermissibly  create  a  national  identification  system,  prohibited  by 
the  law  that  established  the  DHS,  and  threaten  national  security  and  individual  privacy.5  In  2008, 
EPIC  published  a  report  detailing  the  significant  costs  of  implementing  REAL  ID.1'  EPIC 
explained  that  “[DHS]  []  believes  that  it  can  sweep  aside  the  fact  that  REAL  ID  is  an  unfunded 
mandate  by  allocating  $360  million  to  the  States  for  REAL  ID  implementation... However,  the 


2  EPIC,  Comments  on  DHS  2006-0030:  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for 
Driver's  Licenses  and  Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes  (May  8, 
2007),  http://www.cpic.org/privacy/id_cards/epic_realid_comments.pdf. 

EPIC  and  24  Experts  in  Privacy  and  Technology,  Comments  on  DHS  2006-0030:  Notice  of  Proposed 
Rulemaking:  Minimum  Standards  for  Driver’s  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes  (May  8,  2007)  [hereinafter  “EPIC  Expert  Comments  on  Draft 
Regulations”],  http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf. 

4  See  EPIC,  Federal  REAL  ID  Proposal  Threatens  Privacy  and  Security  (March  2007), 
http://epic.org/privacy/surveillance/spotlight/0307/.  See  also  Anita  Ramasastry,  Why  the  New  Department 
of  Homeland  Security  REAL  ID  Act  Regulations  are  Unrealistic:  Risks  of  Privacy  and  Security  Violations 
and  Identity  Theft  Remain,  and  Burdens  on  the  States  Are  Too  Severe ,  Findlaw,  Apr.  6,  2007, 
http://writ.news.findlaw.com/ramasastry/20070406.html. 

5  Melissa  Ngo,  EPIC,  Testimony  and  Statement  for  the  Record  at  a  Hearing  Before  the  Data  Privacy  and 
Integrity  Advisory  Comm.,  Dep't  of  Homeland  Sec.  (Mar.  21,  2007), 
http://epic.org/privacy/id_cards/ngo_test_032107.pdf. 

6  See  EPIC,  REAL  ID  Implementation  Review:  Few  Benefits,  Staggering  Costs  (May  2008), 
http://epic.org/privacy/id_cards/epic_realid_0508.pdffhereinafter  “EPIC  2008  Report”]. 
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number  still  pales  next  to  the  agency’s  ‘reduced’  estimate  of  $9.9  billion.”7  Our  concerns  about 


the  problems  with  REAL  ID  are  widely  shared  by  many  other  organizations.* 

We  have  attached  to  these  comments  both  the  2007  and  the  2008  Comments  on  REAL  ID 
and  ask  they  be  included  in  the  administrative  record. g 

EPIC  remains  concerned  that  the  REAL  ID  Act  creates  a  national  identification  system, 
in  violation  of  the  DHS  Act,  and  poses  significant  privacy  risks  to  millions  of  individuals. 
Furthermore,  TSA’s  proposed  collection  of  information  will  unduly  burden  millions  of  people  in 
several  states  that  have  rightly  chosen  not  to  comply  with  the  REAL  ID  Act. 

I.  History  of  Opposition  to  A  National  Identification  System  &  REAL  ID 

National  identification  cards  have  long  been  used  to  suppress  minorities,  track  dissidents, 
and  extend  state  authority.111 

a.  Historical  Opposition  to  the  Implementation  of  National  Identification  System 
The  United  States  has  always  opposed  the  creation  of  a  national  identification  system. 
When  the  Social  Security  Number  (“SSN”)  was  created  in  1936,  it  was  meant  to  be  used  only  as 
an  account  number  associated  with  the  administration  of  the  Social  Security  system.1 1  Though 
use  of  the  SSN  has  expanded  considerably,  it  is  not  a  universal  identifier  and  efforts  to  make  it 
one  have  been  consistently  rejected.  In  1971,  the  Social  Security  Administration  task  force  on  the 
Social  Security  Number1"  declined  to  transform  the  number  into  an  ID  card.1 '  The  Health, 


7  REAL  ID  Implementation  Review:  Few  benefits.  Staggering  Costs,  EPIC,  May  2008, 
https://epic.org/privacy/id_cards/epic_realid_0508.pdffhereinafter  “EPIC  2008  Report”]. 

*Speak  Out  Against  REAL  ID.  THE  PRIVACY  COALITION, 
https://www.privacycoalition.org/stoprealid/. 

9  See  Appendix  I  and  II. 

111  See  generally,  EPIC,  National  ID  Cards  and  the  REAL  ID  Act,  http://www.epic.org/privacy/id_cards/. 

1 1  Dep’t  of  Health,  Educ.  &  Welfare,  Secretary’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  125-35  (MIT  1973)  [hereinafter  "HEW  Report  on  Data 
Systems”],  http://www.epic.org/privacy/hew  1 973report/. 

12  See  generally,  EPIC,  Social  Security  Numbers,  http://www.epic.org/privacy/ssn/. 
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Education  and  Welfare  Secretary’s  Advisory  Committee  on  Automated  Personal  Data  Systems 

in  1973  again  rejected  the  creation  of  a  national  identifier  and  advocated  the  establishment  of 

significant  safeguards  to  protect  personal  data.  The  committee  said: 

We  recommend  against  the  adoption  of  any  nationwide,  standard,  personal 
identification  format,  with  or  without  the  SSN,  that  would  enhance  the  likelihood 
of  arbitrary  or  uncontrolled  linkage  of  records  about  people,  particularly  between 
government  or  government-supported  automated  personal  data  systems.  What  is 
needed  is  a  halt  to  the  drift  toward  [a  standard  universal  identifier]  and  prompt 
action  to  establish  safeguards  providing  legal  sanctions  against  abuses  of 
automated  personal  data  systems.14 

The  Federal  Advisory  Committee  on  False  Identification  also  advised  against  the  use  of  a 
national  identifier  in  1 976. 1  ^  In  1977,  the  Privacy  Protection  Study  Commission  recommended 
against  the  adoption  of  a  national  ID  system.16  In  its  report.  Personal  Privacy  in  an  Information 
Society,  the  commission  said  that  it: 

sees  a  clear  danger  that  a  government  record  system,  such  as  that  maintained  by 
the  Social  Security  Administration  or  the  Internal  Revenue  Service,  will  become  a 
de facto  central  population  register  unless  prevented  by  conscious  policy 
decisions.  Therefore  [...]  the  Federal  government  should  act  positively  to  halt  the 
incremental  drift  toward  creation  of  a  standard  universal  label  and  central 
population  register  until  laws  and  policies  regarding  the  use  of  records  about 
individuals  are  developed  and  shown  to  be  effective.17 

In  Congressional  testimony  in  1981,  Attorney  General  William  French  Smith  stated  that 
the  Reagan  administration  was  “explicitly  opposed  to  the  creation  of  a  national  identity  card.”18 
The  Clinton  administration  advocated  a  “Health  Security  Card"  in  1993  and  assured  the  public 


3  Soc.  Sec.  Admin.,  Soc.  Sec.  Number  Task  Force,  Report  to  the  Commissioner  (May  1971). 

14  Dep’t  of  Health,  Educ.  &  Welfare,  Secretary’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  125-35  (MIT  1973)  [hereinafter  “HEW  Report  on  Data 
Systems”],  available  at  http://www.epic.org/privacy/hewl973report/. 

15  Dep’t  of  Justice,  Fed.  Advisory  Comm,  on  False  Identification.  The  Criminal  Use  of  False 
Identification  (Nov.  1976). 

’  Privacy  Prot.  Study  Comm’n,  Personal  Privacy  in  an  Information  Society  (July  1977)  available  at 
http://www.epic.org/privacy/ppscl977report/. 

17  Id. 

18  Robert  B.  Cullen,  Administration  Announcing  Plan,  ASSOCIATED  PRESS,  July  30,  1981. 
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that  the  card,  issued  to  every  American,  would  have  “full  protection  for  privacy  and 
confidentiality.”19  Still,  the  idea  was  rejected  and  the  card  never  was  created.  In  1999,  Congress 
repealed  a  controversial  provision  in  the  Illegal  Immigration  Reform  and  Immigrant 
Responsibility  Act  of  1996  that  authorized  the  inclusion  of  SSNs  on  driver’s  licenses.20 
b.  State  Opposition  to  the  Implementation  of  REAL  ID 
The  DHS  has  repeatedly  stated  that  REAL  ID  is  not  mandatory,  however,  REAL  ID  is 
not  a  “voluntary”  program.  In  2007,  EPIC  noted  that  “States  are  under  considerable  pressure  to 
implement  REAL  ID  and  citizens  who  fail  to  carry  the  new  identity  document  will  find  it 
impossible  to  pursue  many  routine  activities.”21  Furthermore,  in  issuing  the  final  REAL  ID  rule 
DHS  noted  that  it  “believes  that  many  States  may  find  noncompliance  an  unattractive  option" 
because  the  States  would  not  be  able  to  "maintain  the  conveniences  enjoyed  by  their  residents 
when  using  their  State-issued  driver’s  licenses  and  non-driver  identity  cards  for  official  purposes, 
particularly  as  it  pertains  to  domestic  air  travel.”2'  Additionally,  shortly  before  the  passage  of  the 
Act  a  DHS  spokesman  stated  that  “[noncompliance  with  REAL  ID]  will  mean  real  consequences 
for  their  citizens...  if  their  leadership  chooses  not  to  comply.”23 


19  Press  Release,  White  House  Office  of  the  Press  Secretary,  The  Health  Security  Act  Of  1993:  Health 
Care  That’s  Always  There  (Sept.  22,  1993)  available  at  http://www.clintonfoundation.org/legacy/092293- 
press-release-on-health-security-plan.htm. 

211  Illegal  Immigration  Reform  and  Immigrant  Responsibility  Act  of  1996,  Pub.  L.  No.  104-208,  Div.  C, 
Title  III,  §  309  (1996),  amended  by  the  Immigration  and  Naturalization  Service  Data  Management 
Improvement  Act  of  2000,  Pub.  L.  No.  106-215,  1 14  Stat.  337  (2000). 

21  EPIC  and  24  Experts  in  Privacy  and  Technology,  Comments  on  DHS  2006-0030:  Notice  of  Proposed 
Ridemaking:  Minimum  Standards  for  Driver’s  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes  (May  8,  2007)  [hereinafter  “EPIC  Expert  Comments  on  Draft 
Regulations”],  available  at  http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf.  See 
Appendix  II.  at  3. 

22  Final  Rule,  Minimum  Standards  for  Driver's  Licenses  and  Identification  Cards  Acceptable  by  Federal 
Agencies  for  Official  Purposes ,  73  Fed.  Reg.  5271,  5329  (Jan.  29,  2008)  [hereinafter  "REAL  Final  Rule”], 
available  at  http://edocket.access.gpo.gov/2008/08-I40.htm. 

23  Ryan  Singel,  Montana  Governor  Foments  Real  ID  Rebellion ,  WIRED,  Jan.  18,  2008, 
http://blog.wired.com/27bstroke6/2008/01/montana-govemo.html. 
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At  this  point  in  time,  those  concerns  have  become  a  reality  for  some  states  as  they 

currently  face  two  options  (1)  comply  with  the  REAL  ID  Act  or  (2)  not  comply  and  have  their 

citizens  secure  alternative  forms  of  identification  in  order  to  get  on  a  plane.24  These  two  choices 

only  allow  one  to  come  to  the  conclusion  that  REAL  ID  is  a  mandatory  program  as  those  states 

who  do  not  comply  with  the  DHS  mandate  will  suffer  consequences  that  are  effectively  penalties. 

Following  the  enactment  of  the  REAL  ID  Act,  at  least  20  states  enacted  legislation 

opposing  the  REAL  ID  Act."'  While  some  of  those  states,  under  considerable  pressure  from  the 

federal  government,  have  modified  earlier  legislation,21’  many  still  maintain  opposition  to  REAL 

ID.27  Part  of  the  resistance  to  REAL  ID  from  the  states  is  because  the  costs  of  implementing 

REAL  ID  were,  and  remain,  unfunded  by  the  federal  government  and  place  a  large  burden  on  the 

states.  However,  in  addition  to  concerns  as  to  how  states  are  to  pay  for  implementing  the  Act, 

states  also  have  significant  privacy  concerns  as  does  the  general  public. 

II.  Privacy  Risks  Inherent  in  the  REAL  ID  Act 

a.  The  Department  of  Homeland  Security  is  not  fulfilling  their  responsibility  to 
protect  privacy 

The  DHS  stated  ten  years  ago  that  it  is  constrained  in  its  power  to  protect  the  privacy  of 
individuals  and  their  data  under  the  REAL  ID  Act.  The  agency  claimed  in  the  draft  regulations 
that,  “The  Act  does  not  include  statutory  language  authorizing  DHS  to  prescribe  privacy 

24  Jad  Mouawad,  T.S.A.  Moves  Closer  to  Rejecting  Some  State  Driver’s  Licenses  for  Travel,  NEW  YORK 
TIMES,  Dec.  28,  2015,  http://www.nytimes.com/2015/12/29/business/tsa-moves-closer-to-rejecting- 
some-state-drivers-licenses-for-travel.html. 

25  EPIC  2008  Report  Appendix  1;  State  Legislative  Activity  in  Opposition  to  the  Rea!  ID,  NATIONAL 
CONFERENCE  OF  STATE  LEGISLATURES,  Jan.  2014, 

http://www.ncsl.org/documents/standcomm/sctran/REALIDComplianceReport.pdf. 

26  Garry  Rayno,  NH  Senate  Approves  Bill  Allowing  Real  ID  Compliance ,  NEW  HAMPSHIRE  UNION 
LEADER,  Apr.  14,  2016,  http://www.unionleader.com/NH-Senate-approves-bill-allowing-Real-ID- 
compliance;  Jim  Harper,  Once  Again,  REAL  ID  Is  A  National  ID.  CATO  INSTITUTE,  May  25,  2016, 
https://www.cato.org/blog/yes-real-id-national-id. 

Edward  D.  Murphy,  Without  Change  In  State  Law,  Maine  IDs  Won  't  Get  Mainers  Aboard  Airplanes  in 
2018,  PRESS  HERALD,  Oct.  13,  2016,  http://www.pressherald.com/2016/10/12/homeland-security- 
wont-extend-deadline-for-maine-compliance-with-federal-id-law/. 
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requirements  for  the  state-controlled  databases  or  data  exchange  necessary  to  implement  the 
Act.”2*'  REAL  ID  creates  a  national  identification  system  that  affects  245  million  license  and 
cardholders  nationwide,  yet  today  the  DHS  has  still  failed  to  institute  strong  privacy  safeguards 
in  the  system  itself.29  The  agency  has  the  obligation  to  protect  the  privacy  of  individuals  affected 
by  this  system  and  must  do  more  than  the  feeble  attempts  set  out  in  the  Act. 

The  Privacy  Act  of  1974  applies  to  the  entire  national  identification  system  under 
guidelines  set  out  by  OMB  and  DHS.30  The  OMB  guidelines  explain  that  the  Privacy  Act 
“stipulates  that  systems  of  records  operated  under  contract  or,  in  some  instances,  State  or  local 
governments  operating  under  Federal  mandate  ‘by  or  on  behalf  of  the  agency  ...  to  accomplish 
an  agency  function’  are  subject  to  . . .  the  Act."31  The  guidelines  also  explain  that  “systems 
‘maintained’  by  an  agency  are  not  limited  to  those  operated  by  agency  personnel  on  agency 
premises  but  include  certain  systems  operated  pursuant  to  the  terms  of  a  contract  to  which  the 
agency  is  a  party.’’3-  The  REAL  ID  system  is  operated  under  a  Federal  mandate  to  accomplish 
several  agency  functions,  including  immigration  control. 

Because  the  DHS  has  created  this  system,  the  agency  must  fully  apply  Privacy  Act 
requirements  of  notice,  access,  correction,  and  judicially  enforceable  redress  to  the  entire  REAL 
ID  national  identification  system.  The  REAL  ID  Act  states  that  individuals  should  attempt  to 
exercise  their  rights  to  notice,  access,  correction  and  redress  through  State  DMVs,  the  Social 


2S  Dep’t  of  Homeland  Sec.,  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for  Driver 's  Licenses 
and  Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes ,  72  Fed.  Reg.  1 0,8 1 9, 
10,825  (Mar.  9,  2007)  [hereinafter  “REAL  ID  Draft  Regulations”], 
http://edocket.access.gpo.gov/2007/07-1009.htm 

29EMERCjENCY  SUPPLEMENTAL  APPROPRIATIONS  ACT  FOR  DEFENSE,  THE  GLOBAL  WAR 
ON  TERROR,  AND  TSUNAMI  RELIEF,  2005,  109  P.L.  13,  1 19  Stat.  231,  109  P.L.  13,  2005  Enacted 
H.R.  1268,  109  Enacted  H.R.  1268;  6  C.F.R.  37.1  et.  seq. 

30  EPIC  Expert  Comments  on  Draft  Regulations,  6-12. 

31  Office  of  Mgmt.  &  Budget,  Privacy  Act  Implementation:  Guidelines  and  Responsibilities,  40  Fed.  Reg. 
28,948,  28,951  (July  9,  1975),  http://www.whitehouse.gov/omb/inforeg/implementation_guidelines.pdf. 

32  Id. 
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Security  Administration,  the  Department  of  State,  and  the  U.S.  Citizenship  and  Immigration 
Service  (a  part  of  the  Department  of  Homeland  Security).3  ' 

In  enacting  REAL  ID,  DHS  has  punted  the  issue  of  privacy  to  the  States,  but  the  agency 
needs  to  lead.  Various  questions  remain,  including  important  ones  concerning  redress.  The  right 
of  redress  must  be  judicially  enforceable.  The  Privacy  Act  protections  must  be  mandated  in  the 
REAL  ID  regulations  in  order  for  DHS  to  fulfill  its  obligations, 
b.  Privacy  Risks  of  REAL  ID 

There  are  significant  threats  to  individual  privacy  and  security  that  would  be  created  by 
unfettered  access  to  REAL  ID  national  identification  system  data.'”4  Some  of  these  problems  arc 
based  on  the  design  of  the  card,  the  information  required  to  be  stored  on  the  cards,  and  the 
safeguards  for  the  underlying  databases. 

Under  REAL  ID,  a  substantial  amount  of  personal  information  must  be  included  on  the 
card.  This  includes  a  full  legal  name,  digital  photograph,  and  signature  that  can  be  read  by 
common  machine  readable  technology  and  the  information  included  on  the  card  is  not  required 
to  be  encrypted.  Prior  to  enactment,  the  DHS  Privacy  Office  supported  encryption  “because  2D 
bar  code  readers  are  extremely  common,  the  data  could  be  captured  from  the  driver’s  licenses 
and  identification  cards  and  accessed  by  unauthorized  third  parties  by  simply  reading  the  2D  bar 
code  on  the  credential”  if  the  data  is  left  unencrypted.  ’’  There  are  many  examples  of 
unauthorized  users  being  able  to  download  data  from  unencrypted  machine-readable 
technology.3*’ To  protect  privacy  and  improve  security,  this  machine-readable  technology  must 

33  REAL  Final  Rule  at  5284-5284,  supra  note  20. 

34  EPIC  Expert  Comments  on  Draft  Regulations  at  17-28,  supra  note  26. 

35  Dep’t  of  Homeland  Sec.  Privacy  Office,  Privacy  Impact  Assessment  for  the  REAL  ID  Act  1 6  (Mar.  1 , 
2007),  http://www.epic.org/privacy/id_cards/pia_030 1 07.pdf. 

36  EPIC  Expert  Comments  on  Draft  Regulations  at  21-23. 
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either  include  encryption  or  access  must  be  limited  in  some  other  form.  Without  required 
encryption,  REAL  ID  leaves  245  million  individuals  at  risk  for  individual  tracking.37 

DHS  rejected  encryption  in  the  final  rule  because  of  “the  complexities  and  costs  of 
implementing  an  encryption  infrastructure. ’oS  DHS  is  required  to  include  security  protections  on 
the  REAL  ID  card.  Under  the  REAL  ID  Act,  the  card  must  include  “Physical  security  features 
designed  to  prevent  tampering,  counterfeiting,  or  duplication  of  the  document  for  any  fraudulent 
purpose.”3  ’ The  agency  has  this  obligation  and  it  should  not  abdicate  this  responsibility.  If  DHS 
does  not  seek  to  limit  access  to  the  data  on  the  REAL  ID  card,  then  it  is  signaling  that  it  is 
acceptable  for  third  parties  to  download,  access  and  store  data  for  purposes  beyond  the  three 
official  purposes. 

Rejecting  encryption  for  the  2D  barcode  helps  to  push  the  REAL  ID  system  into 
“widespread”  use  in  everyday  life,  a  goal  that  former  DHS  Secretary  Chertoff  and  the  DHS  final 
rule  itself  expect  and  support.  Such  an  expansion  would  harm  both  individual  privacy  and 
security  and  quickly  turn  the  United  States  into  a  country  where  the  REAL  ID  national 
identification  card  is  involuntarily  carried  by  everyone. 

Furthermore,  the  amount  of  information  contained  on  the  REAL  ID  cards  increases  risks 
if  the  card  is  compromised.  There  are  a  number  of  “insider”  and  “outsider”  threats  to  the  massive 
identification  database  connecting  56  States  and  territories.  Creating  a  national  identification 
database  containing  personal  data  of  245  million  State  license  and  ID  cardholders  nationwide, 
one  that  would  be  accessible  from  a  massive  number  of  DMVs  across  the  country,  is  an 
invitation  for  all  criminals  -  whether  identity  thieves  or  terrorists  -  to  break  into  just  one  of  these 
entrance  points  to  gather  such  data  for  misuse. 

'  EPIC  Expert  Comments  on  Draft  Regulations  at  17-18. 

38  REAL  Final  Rule  at  5292. 

39  REAL  ID  Act  at  §202(b)(8). 
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Such  a  system  would  also  be  at  risk  of  abuse  from  authorized  users,  such  as  DMV 
employees,  who  are  bribed  or  threatened  into  changing  the  system  data  or  issuing  “authentic” 
national  identification  cards.  It  is  appropriate  to  note  here  that,  on  the  day  that  DHS  released  the 
final  regulations  for  REAL  ID,  “A  Maryland  Motor  Vehicle  Administration  employee  [...]  and 
four  others  were  indicted  [  ]  on  charges  that  they  made  and  sold  fake  State  driver’s  licenses  and 
identification  cards  in  exchange  for  money.”40 

Identity  theft  continues  to  be  one  of  the  leading  concerns  for  consumers.41  The  FTC 
found  that  in  2015,  the  last  year  for  which  information  is  currently  available,  the  number  of 
identity  theft  claims  they  received  increased  by  more  than  47%  than  identity  theft  incidents 
reported  in  20 14.42  Furthermore,  identity  theft  has  been  one  of  the  top  consumer  issues  for  the 
past  fifteen  years.43 

Large-scale  data  breaches  have  occurred  in  State  DM  Vs  across  the  country;  if  the 
databases  are  linked  under  REAL  ID,  these  breaches  will  only  grow  in  scale.  The  Oregon  DMV 
lost  half  a  million  records  in  2005.44  Also  that  year,  in  Georgia,  a  dishonest  insider  exposed 
465,000  records.4'  In  201 1  a  North  Carolina  DMV  worker  was  charged  with  five  counts  of 
identity  theft  after  she  used  DMV  computers  to  obtain  information  to  take  out  payday  loans  in 
other  people’s  names  46  In  2014,  the  California  DMV  suffered  a  data  breach  where  credit  card 


411  Five  indicted  in  identity  theft  scheme ,  BALTIMORE  SUN.  Jan.  1 1, 2008. 

41  FTC  Releases  Annual  Summary  of  Consumer  Complaints ,  FEDERAL  TRADE  COMMISSION,  Mar.  1 , 
2016,  https://www.ftc.gov/news-events/press-releases/2016/03/ftc-releases-annual-summary-consumer- 
complaints. 

42  Id. 

"Id. 

44  Privacy  Rights  Clearinghouse,  A  Chronology  of  Data  Breaches, 
http://www.privacyrights.org/ar/ChronDataBreaches.htm. 

"Id. 

46  Sloane  Heffeman,  Charge:  Worker  Used  DMV  Computers  for  ID  Theft.  WRAL,  Oct.  17,  201 1, 
http://www.wral.com/news/local/story/10268291/. 
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information  was  compromised  via  their  online  payment  system.4  In  2015,  an  Oregon  man  was 


able  to  download  a  list  that  contained  a  DMV  list  of  identification  numbers  as  well  as  federal 
income  tax  forms  and  was  charged  with  26  counts  of  aggravated  identity  theft.48  The  list  goes  on, 
and  the  personal  information  of  individuals  will  be  endangered  under  the  REAL  ID  national 
identification  system. 

Domestic  violence  survivors  are  particularly  vulnerable  to  compromised  data.  Domestic 
violence  survivors  who  flee  their  abusers,  crossing  into  different  States,  would  be  exposed  if 
their  abuser  breaches  the  security  of  any  one  of  these  56  interconnected  databases.  “An  abuser 
with  an  associate  inside  a  State  DMV,  law  enforcement,  or  other  agency  with  access  to  the  State 
records  would  be  able  to  track  a  victim  as  the  victim  moves  across  the  country.”49 

The  danger  of  negligent  and  accidental  disclosures  is  increased  by  REAL  ID,  as 
substantially  more  government  employees  will  have  access  to  all  motor  vehicle  records 
nationwide.  This  sort  of  inadvertence  will  happen  much  more  frequently  in  a  post-REAL  ID 
world  as  the  access  to  driver’s  license  information  is  spread  throughout  the  national 
identification  system. 


47  Sources:  Credit  Card  breach  at  California  DMV,  KREBS  ON  SECURITY,  Mar.  22,  2014, 
https://krebsonsecurity.com/2014/03/sources-credit-card-breach-at-califomia-dmv/. 

48  Brent  Wclsbcrg,  Convicted  ID  Thief  Found  With  How  To '  Guide,  DMV  Database,  KOIN6, 
http://koin.com/2015/02/12/convicted-id-thief-found-with-how-to-guide-dmv-database/. 

49  EPIC  Expert  Comments  on  Draft  Regulations  at  50,  supra  note  26. 
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c.  Increased  Risks  Associated  with  Hacking 


In  light  of  recent  events  there  is  even  more  reason  to  be  concerned  about  the  likelihood 
and  effects  of  a  data  breach  occurring  of  state  DMV  records.  The  federal  government  has  been 
subject  to  a  number  of  hacks  in  recent  years  which  have  been  incredibly  concerning  to  those 
affected  by  those  hacks  and  the  public  at  large.  The  lack  of  security  features  remain  and  show  the 
risk  of  those  states  that  chose  to  adopt  the  REAL  ID  requirements. 

Recently,  government  data  breaches  have  been  numerous  and  severe  and  have  raised 
concerns  surrounding  the  safety  of  data  in  the  United  States.  In  the  past  three  years,  data 
breaches  have  affected  the  Office  of  Personnel  Management,50  Internal  Revenue  Service,51 
Federal  Bureau  of  Investigation,  and  the  DHS.':  Overall,  the  number  of  government  data 
breaches  has  exploded  in  the  last  decade,  rising  from  5,503  in  2006  to  67,168  in  2014.53 

These  reports  of  hacking  and  data  breaches  are  likely  to  be  of  further  concern  to  state 
officials  who  are  implementing,  or  are  skeptical  of,  REAL  ID  in  light  of  recent  revelations  of  the 
U.S.  Intelligence  Community.  The  intelligence  community  currently  has  information  showing 
that  a  foreign  government  was  responsible  for  hacks  of  the  Democratic  National  Committee  as 
well  as  the  hacking  of  John  Podesta’s  email.54  While  the  full  nature  and  reasons  behind  the  2016 


511  Dan  Goodin,  Call  it  a  “ Data  Rupture”:  Hack  Hitting  OPM Affects  21.5  Million,  ArsTECHNICA  (July  9, 
2015),  http://arstechnica.com/security/20 1 5/07/call-it-a-data-rupture-hack-hitting-opm-affects-2 1  -5- 
million/. 

51  Dan  Goodin,  Call  it  a  “Data  Rupture":  Hack  Hitting  OPM  Affects  21.5  Million ,  ARSTECHNICA  (July  9, 
20 1 5),  http://arstechnica.com/security/20 1 5/07/call-it-a-data-rupture-hack-hitting-opm-affects-2 1  -5- 
million/. 

52  Alexandra  Burlacu,  Teen  Arrested  Over  DHS  and  FBI  Data  Hack,  TECH  TIMES  (Feb.  1 3,  20 1 6), 
http://www.techtimes.com/articles/133501/20160213/teen-arrested-over-dhs-and-fbi-data-hack.htm. 

53  U.S.  Gov’t  Accountability  Office,  Federal  Agencies  Need  to  Better  Protect  Sensitive  Data  4  (Nov.  17, 
2015),  http://www.gao.gov/assets/680/673678.pdf. 

54  Background  to  "Assessing  Russian  Activities  and  Intentions  in  Recent  US  Elections  ”:  The  Analytic 
Process  and  Cyber  Incident  Attribution,  DIRECTOR  OF  NATIONAL  INTELLIGENCE,  Jan.  6,  2017, 
https://www.dni.gov/files/documents/ICA_2017_01.pdf.  See  also  David  Sanger  &  Charlie  Savage,  U.S. 
Says  Russia  Directed  Hacks  to  Influence  Elections,  NEW  YORK  TIMES,  Oct.  7,  2016, 
http://www.nytimes.com/2016/10/08/us/politics/us-formally-accuses-russia-of-stealing-dnc-emails.html. 


REAL  ID  Act  Identity  Verification  Process 
[FR  Doc.2016-26958] 


12 


Comments  of  EPIC 
January  9,  2016 


US  Presidential  Election  hacks  are  still  being  investigated  and  debated,  the  event  should  give 
pause  to  any  state  official  that  is  considering  fully  complying  with  the  REAL  ID  Act.  It  is  clear 
that  large  databases  of  personal  information  are  attractive  targets  for  the  purposes  of  identity 
theft,  blackmail,  or  in  some  cases  simply  for  the  challenge  of  hacking  into  a  government 
database. 

III.  Undue  Burden  on  States  Who  Continue  to  Oppose  REAL  ID 

The  REAL  ID  Act  is  an  unfunded  mandate  that  burdens  states  with  numerous 
unnecessarily  requirements."  Several  states  continue  to  fight  the  implementation  of  REAL  ID.56 
As  such,  the  TSA  has  stated  that  individuals  with  drivers  licenses  and  identification  cards  from 
states  the  DHS  deems  “non-compliant”  will  need  alternative  forms  of  identification  in  order  to 
board  airplanes.57  Consequently,  individuals  in  states  that  oppose  REAL  ID  are  far  more  likely  to 
be  inconvenienced  at  the  airport  under  the  proposed  new  form  of  infonnation  collection. 

In  addition  to  the  eight  states  that  opposed  REAL  ID,  there  are  several  other  whose 
citizens  may  also  be  subjected  to  the  agency’s  data  collection  requirements.  For  example, 


55  See  Emma  Dumain,  Noncompliance  with  REAL  ID  Could  Mean  Real  Trouble  for  S.C.  Travelers,  THE 
POST  AND  COURRIER,  Oct.  30,  2016,  http://www.postandcouricr.com/news/noncompliancc-with-real- 
id-could-mean-rcal-troublc-for-s/article_bf679418-9c7f-l  Ic6-bc47-5fa2c51c2fff.html;  Rachel  E.  Stasscn- 
Berger,  Minnesota  Real  ID  Licenses  Closer  -  But  Still  Far  From  Reality,  TWIN  CITIES  PIONEER 
PRESS,  May  17,  2016,  http://www.twincities.com/2016/05/17/minnesota-rcal-id-licenses-legislature- 
closer-but-still-far-from-reality/;  Dan  Griffin,  REAL  ID  Requirements  Could  Soon  Pose  Problems  for 
Kentucky  Air  Travelers,  WLWT,  Jan.  4,  2017,  http://www.wlwt.com/article/real-id-requirements-could- 
soon-pose-problems-for-kentucky-air-travelers/6895810;  Jack  Suntrup,  Missouri  Lawmakers  Being  to 
Tackle  Real  ID  Problem,  ST.  LOUIS  POST-DISPATCH,  Jan.  13,  2016, 

http://www.stltoday.com/news/local/govt-and-politics/missouri-lawmakers-begin-to-tackle-real-id- 
problem/article_83326247-9410-56c2-adf8-cf2f7821e03e.html;  Denied:  Oklahoma's  request  for  Real  ID 
Act  Extension  Denied,  K.FOR.  Oct.  1 1,  2016,  http://kfor.eom/2016/10/l  1/denied-oklahomas-request-for- 
real-id-act-extension-denied/. 

56  REAL  ID  Enforcement  in  Brief  DEPARTMENT  OF  HOMELAND  SECURITY, 
https://www.dhs.gov/real-id-enforcement-brief. 

57  REAL  ID  Frequently  Asked  Questions  for  the  Public,  DEPARTMENT  OF  HOMELAND  SECURITY, 
https://www.dhs.gOv/real-id-public-faqs#. 
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Montana  has  a  law  that  prevents  them  from  fully  implementing  the  Act.58  Additionally,  states 
like  New  York  and  Oregon  have  been  granted  extensions  and  may  or  may  not  be  fully 
“compliant,”  according  to  the  DHS,  by  2018  which  potentially  puts  them  at  risk  as  well  of 
having  to  go  through  information  collection  practices  when  they  go  to  the  airport.59 

The  proposed  system  creates  a  large  problem  for  states  that  the  DHS  deems  “non- 
compliant.”  The  TSA  seeks  to  implement  information  collection  practices  that  will  burden 
millions  of  traveling  individuals  who  hail  from  states  that  do  not  adhere  to  REAL  ID 
requirements.  Many  of  these  individuals  will  likely  be  entirely  unware  that  their  identification  is 
not  satisfactory  and  that  they  will  be  subject  to  TSA  information  collection  until  they  arrive  at 
the  airport.  These  individuals  will  be  burdened  not  because  they  do  not  have  identification,  but 
because  they  have  identification  that  the  TSA  refuses  to  accept.  Furthermore,  the  proposed 
information  collection  system  penalizes  these  people  for  the  choices  of  their  state  legislators  and 
other  state  officials  who  have  expressed  several  valid  concerns  surrounding  REAL  ID. 
Individuals  should  not  be  punished  when  their  state  representatives  have  strong  concerns  about 
how  REAL  ID  will  impact  their  citizens  to  whom  they  are  all  accountable. 

Given  the  stresses  that  a  number  of  people  face  when  traveling  it  is  entirely  misguided  to 
have  travelers  who  do  have  driver’s  licenses  or  identification  cards  which,  for  years,  have  been 
acceptable  documents  to  show  to  be  able  to  board  a  plane.  This  is  not  an  instance  where 
individuals  arrive  at  the  airport  with  no  proof  of  who  they  are,  it  is  an  instance  of  the  DHS, 


5X  Feds  Deny  Montana  Request  to  Delay  Driver's  License  Law,  BILLINGS  GAZETTE,  Nov.  22,  2016, 
http://billingsgazette.com/news/state-and-regional/montana/feds-deny-montana-request-to-deIay-driver-s- 
license-law/article_bd75d4O-8084-5 1  fb-ab38-98eef440ba97.html. 

59  Katherine  Lam,  New  Yorkers  Have  Until  2018  to  Fly  Domestically  with  their  NY  State  Driver's  License, 
PIX1 1,  Jan.9,  2016,  http://pixl  1. com/201 6/0 l/09/new-yorkers-have-until-2018-to-fly-domestically-with- 
their-ny-state-drivers-license/;  Rachel  La  Corte,  Update:  What  REAL  ID  Means  for  Washington  State, 

THE  SEATTLE  TIMES,  Apr.  10,  2016,  http://www.seattletimes.com/life/travel/what-real-id-means-for- 
washington-state/. 
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through  TSA,  attempting  to  force  states  to  comply  with  their  wishes  and  has  nothing  to  do  with 
airport  security. 

IV.  Conclusion 

The  REAL  ID  Act  still  poses  several  concerns  and  challenges  for  states.  It  remains  an 
unfunded  federal  mandate  that  exposes  millions  of  individuals  to  threats  of  identity  theft  as  well 
as  having  their  information  compromised  and  potentially  exposed.  Several  states  have  chosen  not 
to  comply  with  the  Act  for  reasons  spanning  from  lack  of  federal  funding,  to  opposition  to  a 
national  identification  system,  and  privacy  concerns.  The  proposed  information  gathering  of 
individual  at  airports  essentially  punishes  citizens  for  actions  that  their  state  governments  have 
taken  to  protect  their  privacy. 

EPIC  urges  the  TSA  to  abandon  the  proposed  information  collection  for  individuals  who 
do  not  possess  a  state  driver’s  license  that  fails  to  comply  with  the  DHS’s  view  of  “compliance”: 
the  United  State  has  long  opposed  national  identification  system,  the  privacy  risks  of  REAL  ID 
are  substantial,  and  the  States  were  correct  to  opposed  a  federal  identity  system  not  in  the  best 
interests  of  their  citizens. 


Respectfully  Submitted, 

A/ Marc  'Rotenberg 

Marc  Rotenberg 

EPIC  President  and  Executive  Director 

A/  Jeramie  D.  Scott 

Jeramie  D.  Scott 

EPIC  National  Security  Counsel 

/s/  Xim  MiCCer 
Kim  Miller 
EPIC  Policy  Fellow 
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I.  Introduction 

By  notice  published  on  March  9,  2007.  the  Department  of  Homeland  Security 
(“DHS”)  announced  it  seeks  to  establish  “minimum  standards  for  State-issued  driver’s 
licenses  and  identification  cards  that  Federal  agencies  would  accept  for  official  purposes 
after  May  1 1,  2008,  in  accordance  with  the  REAL  ID  Act  of  2005.”'  Pursuant  to  this 
notice,  the  aforementioned  group  ("Coalition”)  submits  these  comments  to  request  the 
Department  of  Homeland  Security  recommend  to  Congress  that  REAL  ID  is  unworkable 
and  must  be  repealed.  The  REAL  ID  Act  creates  an  illegal  de facto  national  identification 
system  filled  with  threats  to  privacy,  security  and  civil  liberties  that  cannot  be  solved,  no 
matter  what  the  implementation  plan  set  out  by  the  regulations.2  And  if  REAL  ID 
implementation  does  go  forward,  the  protections  of  the  Privacy  Act  of  1974  must  be  fully 
enforced  for  all  uses  of  the  data  current  and  feature.  Agencies  should  not  be  permitted  to 
assert  any  exemptions  and  individuals  must  granted  all  rights,  including  the  judicially 
enforceable  right  to  access  and  correct  their  records  and  to  ensure  compliance  with  all  of 
the  requirements  of  the  Privacy  Act. 

The  problematic  adoption  of  the  law  now  under  consideration  is  now  well  known. 
The  REAL  ID  Act  was  appended  to  a  bill  providing  tsunami  relief  and  military 
appropriations,  and  passed  with  little  debate  and  no  hearings.  It  was  passed  in  this  manner 


1  Dep't  of  Homeland  Sec.,  Notice  of  Proposed  Rulemaking:  Minimum  Standards  for  Driver's  Licenses  and 
Identification  Cards  Acceptable  by  Federal  Agencies  for  Official  Purposes,  72  Fed.  Reg.  10,819  (Mar.  9, 
2007)  ["REAL  ID  Draft  Regulations"],  available  at 

http://a257.g.akamaitech.net/7/257/2422/01jan20071800/edocket.access.gpo.gov/2007/07-  1009.htm;  see 
generally,  EPIC,  National  ID  Cards  and  the  REAL  ID  Act  Page,  http://www.epic.org/privacy/id_cards/; 
EPIC.  Spotlight  on  Surveillance.  Federal  REAL  ID  Proposal  Threatens  Privacy  and  Security  (Mar.  2007), 
http://www.epic.org/privacy/surveillance/spotlight/0307;  Anita  Ramasastry,  Why  the  New  Department  of 
Homeland  Security  REAL  ID  Act  Regulations  are  Unrealistic:  Risks  of  Privacy  and  Security’  Violations  and 
Identity  Theft  Remain,  and  Burdens  on  the  States  Are  Too  Severe,  Findlaw,  Apr.  6.  2007,  available  at 
http://writ.news.fmdlaw.com/ramasastry/20070406.html. 

2  Pub.  L.  No.  109-13,  1 19  Stat.  231  (2005). 
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even  though  Republican  and  Democratic  lawmakers  in  the  Senate  urged  Senate  Majority 
Leader  Bill  Frist  to  allow  hearings  on  the  bill  and  to  permit  a  separate  vote  on  the 
measure.’  The  senators  said  they  believe  REAL  ID  “places  an  unrealistic  and  unfunded 
burden  on  state  governments  and  erodes  Americans’  civil  liberties  and  privacy  rights.”4 
The  people  could  not  speak  during  this  rushed  process.  They  are  speaking  now. 

II.  REAL  ID  Creates  a  National  ID  System 

Throughout  the  history  of  the  United  States,  its  people  have  rejected  the  idea  of  a 
national  identification  system  as  abhorrent  to  freedom  and  democracy.  The  REAL  ID  Act 
and  the  draft  regulations  to  implement  it  create  a  de  facto  national  identification  system, 
and  the  Act  must  be  repealed. 

A.  Americans  Have  Consistently  Rejected  a  National  ID  System 
When  the  Social  Security  Number  (SSN)  was  created  in  1936,  it  was  meant  to  be 
used  only  as  an  account  number  associated  with  the  administration  of  the  Social  Security 
system.5  Though  use  of  the  SSN  has  expanded  considerably,  it  is  not  a  universal  identifier 
and  efforts  to  make  it  one  have  been  consistently  rejected/'  In  1973,  the  Health. 

Education  and  Welfare  Secretary’s  Advisory  Committee  on  Automated  Personal  Data 
Systems  rejected  the  creation  of  a  national  identifier  and  advocated  the  establishment  of 
significant  safeguards  to  protect  personal  information.  The  committee  said: 


1  Press  Release,  S.  Comm,  on  Homeland  Sec.  &  Govemmenlal  Affairs.  Twelve  Senators  Urge  Frist  To 
Keep  Real  ID  Act  Off  Supplemental  Appropriations  Bill  Sweeping  Proposal  Needs  Deliberate 
Consideration  (Apr.  12,  2005),  available  at 

http://www.senate.gov/%7Egov_affairs/index.cfm'?FuseAction=PressReleases.Detail&Affiliation=R&Press 

Release_id=953&Month=4&Year=2005. 

4  Id. 

5  EPIC  &  Privacy  Int’l,  Privacy  and  Human  Rights:  An  International  Survey  of  Privacy  Laws 
and  Practice  47  (EPIC  2004). 

6  See  Marc  Rotenberg,  Exec.  Dir.,  EPIC,  Testimony  and  Statement  for  the  Record  at  a  Hearing  on  Social 
Securin’  Number  High  Risk  Issues  Before  the  Subcomm.  on  Social  Sec.,  H.  Comm  on  Ways  &  Means,  109th 
Cong.  (Mar.  16,  2006),  available  at  http://www.epic.org/privacy/ssn/mar_16test.pdf;  EPIC  page  on  Social 
Security  Numbers,  http://www.epic.org/privacy/ssn/. 
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We  recommend  against  the  adoption  of  any  nationwide,  standard,  personal 
identification  format,  with  or  without  the  SSN.  that  would  enhance  the 
likelihood  of  arbitrary  or  uncontrolled  linkage  of  records  about  people, 
particularly  between  government  or  government-supported  automated 
personal  data  systems.  What  is  needed  is  a  halt  to  the  drift  toward  fa 
standard  universal  identifier]  and  prompt  action  to  establish  safeguards 
providing  legal  sanctions  against  abuses  of  automated  personal  data 
systems.7 

In  1977,  the  Carter  Administration  reiterated  that  the  SSN  was  not  to  become  an 
identifier.  In  Congressional  testimony  in  1981,  Attorney  General  William  French  Smith 
stated  that  the  Reagan  Administration  was  “explicitly  opposed  to  the  creation  of  a 
national  identity  card.”*  When  it  created  the  Department  of  Homeland  Security,  Congress 
made  clear  in  the  enabling  legislation  that  the  agency  could  not  create  a  national  ID 
system.''  In  September  2004,  then-Department  of  Homeland  Security  Secretary  Tom 
Ridge  reiterated,  “ft]he  legislation  that  created  the  Department  of  Homeland  Security  was 
very  specific  on  the  question  of  a  national  ID  card.  They  said  there  will  be  no  national  ID 
card.”10  The  citizens  of  the  United  States  have  consistently  rejected  the  idea  of  a  national 
identification  system. 

B.  REAL  ID  Is  Not  Voluntary 

Supporters  of  REAL  ID  point  to  the  legislation,  which  says  that  State 
implementation  is  “voluntary."  However,  States  are  under  considerable  pressure  to 
implement  REAL  ID  and  citizens  who  fail  to  carry  the  new  identity  document  will  find  it 
impossible  to  pursue  many  routine  activities.  The  administration  has  also  pursued  a 


7  Dep’t  of  Health.  Educ.  &  Welfare,  Sec'y’s  Advisory  Comm,  on  Automated  Personal  Data  Systems, 
Records,  Computers,  and  the  Rights  of  Citizens  (July  1973),  available  at 
http://www.epic.org/privacy/hewl973report/. 

8  Robert  B.  Cullen,  Administration  Announcing  Plan,  Associated  Press,  July  30,  1981. 

9  Pub.  L.  No.  107-296,  1 16  Stat.  2135  (2002). 

10  Tom  Ridge,  Sec'y,  Dep’t  of  Homeland  Sec.,  Address  at  the  Center  for  Transatlantic  Relations  at  Johns 
Hopkins  University:  “Transatlantic  Homeland  Securin’  Conference"  (Sept.  13,  2004),  available  at 
http://www.dhs.gov/xnews/speeches/speech_0206.shtm. 
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heavy-handed  assault  on  those  who  have  raised  legitimate  questions  about  the  efficacy, 
cost,  and  impact  of  the  $23B  program.  Critics  of  REAL  ID  have  been  labeled  anti¬ 
security.  In  Congressional  testimony,  a  high-ranking  DHS  official  said,  “Any  State  or 
territory  that  does  not  comply  increases  the  risk  for  the  rest  of  the  Nation.”"  It  is  not  anti¬ 
security  to  reject  a  national  identification  system  that  does  not  add  to  our  security 
protections,  but  in  fact  makes  us  weaker  as  a  nation.  This  system  is  also  an  unfunded 
mandate  that  imposes  an  enormous  burden  upon  the  states  and  the  citizenry.  The  federal 
government  has  estimated  that  REAL  ID  will  cost  $23.1  billion,  but  it  has  allocated  only 
$40  million  for  implementation  and  has  told  the  states  that  they  may  divert  homeland 
security  grant  funding  already  allocated  to  other  security  programs  for  REAL  ID. 12 

Design  standardization  means  that  anyone  with  a  different  license  or  ID  card 
would  be  instantly  recognized,  and  immediately  suspected.  The  Department  of  Homeland 
Security  already  contemplates  expanding  the  REAL  ID  card  into  “everyday 
transactions.”"  It  will  be  easy  for  insurance  firms,  credit  card  companies,  even  video 
stores,  to  demand  a  REAL  ID  driver’s  license  or  ID  card  in  order  to  receive  services. 
Significant  delay,  complication  and  possibly  harassment  or  discrimination  would  fall 
upon  those  without  a  REAL  ID  card.  In  actuality,  the  “voluntary"  card  is  the  centerpiece 
of  a  mandatory'  national  identification  system  that  the  federal  government  seeks  to 
impose  on  the  states  and  the  citizens  of  the  United  States. 


1 1  Richard  C.  Barth.  Ass't  Sec'y  for  Policy  Development.  Dep't  of  Homeland  Sec.,  Testimony  at  a  Hearing 
on  Understanding  the  Realities  of  REAL  ID:  A  Review  of  Efforts  to  Secure  Drivers'  Licenses  and 
Identification  Cards  Before  the  Subcomm.  on  Oversight  of  Gov't  Management,  the  Federal  Workforce  & 
the  District  of  Columbia,  S.  Comm,  on  Homeland  Sec.  &  Governmental  Affairs ,  1 1 0th  Cong.  (Mar.  26, 
2007)  ["DHS  Testimony  at  REAL  ID  Hearing"),  available  at 
http://hsgac.senate.gov/_files/Testimonybarth.pdf. 

12  REAL  ID  Draft  Regulations  at  10.845,  supra  note  1. 

13  See  Data  Collection  Expansion  discussion,  infra  Section  IX  (DHS  plans  to  expand  uses  of  REAL  ID). 
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C.  Regulations  Create  a  De  Facto  National  ID  System 


The  Department  of  Homeland  Security  draft  regulations  would  (1)  impose  more 
difficult  standards  for  acceptable  identification  documents  that  could  limit  the  ability  of 
individuals  to  get  a  state  drivers  license;  (2)  compel  data  verification  procedures  that  the 
Federal  government  itself  is  not  capable  of  following;  (3)  mandate  minimum  data 
elements  required  on  the  face  of  and  in  the  machine  readable  zone  of  the  card;  (4)  require 
changes  to  the  design  of  licenses  and  identification  cards  (5)  expand  schedules  and 
procedures  for  retention  and  distribution  of  identification  documents  and  other  personal 
data;  and  (6)  dictate  security  standards  for  the  card,  state  motor  vehicle  facilities,  and  the 
personal  data  and  documents  collected  in  state  motor  vehicle  databases.  These  regulations 
create  a  de  facto  national  identification  system. 

State  licenses  and  identification  cards  must  meet  standards  set  out  in  the 
regulations  to  be  accepted  for  Federal  use.  REAL  ID  cards  will  be  necessary  for: 
“accessing  Federal  facilities,  boarding  commercial  aircraft,  and  entering  nuclear  power 
plants.”14  The  Supreme  Court  has  long  recognized  that  citizens  enjoy  a  constitutional 
right  to  travel.  In  Saenz  v.  Roe,  the  Court  noted  that  the  ‘“constitutional  right  to  travel 
from  one  State  to  another'  is  firmly  embedded  in  our  jurisprudence.”15  For  that  reason, 
any  government  initiative  that  conditions  the  ability  to  travel  upon  the  surrender  of 
privacy  rights  requires  particular  scrutiny.  This  is  particularly  relevant  under  the  REAL 
ID  regulations,  as  they  affect  245  million  license  and  cardholders  nationwide.  REAL  ID 
could  preclude  citizens  from  entering  Federal  courthouses  to  exercise  their  right  to  due 


14  REAL  ID  Draft  Regulations  at  10,823,  supra  note  1. 

15  526  U.S.  489  (1999),  quoting  United  Stales  v.  Guest,  383  U.S.  745  (1966). 
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process,  or  from  entering  Federal  agency  buildings  in  order  to  receive  their  Social 
Security  or  veterans’  benefits. 

DHS  may  compel  card  design  standardization,  “whether  a  uniform  design/color 
should  be  implemented  nationwide  for  non-REAL  ID  driver’s  licenses  and  identification 
cards,"  so  that  non-REAL  ID  cards  will  be  easy  to  spot.16  This  universal  card  design  will 
lead  to  a  national  identification  system,  combined  with  the  mandate  under  the  proposed 
regulations  imposing  new  requirements  on  state  motor  vehicle  agencies  so  that  the 
Federal  government  can  link  together  their  databases  to  distribute  license  and 
cardholders’  personal  data,  create  a  national  identification  system.1  DHS  also  has 
considered  expanding  the  official  uses  for  the  REAL  ID  system,  going  so  far  as  to 
estimate  that  one  of  the  ancillary  benefits  of  REAL  ID  implementation  would  be  to 
reduce  identity  theft  -  a  reduction  DHS  bases  on  "the  extent  that  the  rulemaking  leads  to 
incidental  and  required  use  of  REAL  ID  documents  in  everyday  transactions.”18  There  are 
other  ways  in  which  DHS  has  contemplated  expanding  the  uses  of  the  REAL  ID  system 
so  that  the  card  becomes  a  national  identifier  -  one  card  for  each  person  throughout  the 
country.19 

III.  DHS  Has  the  Obligation  to  Protect  Privacy  of  Citizens 

The  Department  of  Homeland  Security  states  that  it  is  constrained  in  its  power  to 
protect  the  privacy  of  individuals  and  their  data  under  the  REAL  ID  Act.  The  agency 
claims  in  the  notice  of  proposed  regulations  that  "The  Act  does  not  include  statutory 

16  REAL  ID  Draft  Regulations  at  10.841,  supra  note  1. 

17  Id.  at  10,825. 

18  Dep't  of  Homeland  Sec..  Regulatory  Evaluation;  Notice  of  Proposed  Rulemaking;  REAL  ID;  6  CFR  Part 
37;  RIN;  I06I-AA37;  Docket  No.  DHS-2006-0030.  at  130  (Feb.  28.  2007)  ["‘Regulatory  Evaluation"], 
available  or  http://www.epic.org/privacy/id_cards/reg_eval_draftregs.pdf. 

19  See  Data  Collection  Expansion  discussion,  infra  Section  IX  (DHS  plans  to  expand  uses  of  REAL  ID). 
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language  authorizing  DHS  to  prescribe  privacy  requirements  for  the  state-controlled 

databases  or  data  exchange  necessary  to  implement  the  Act.’'2"  We  agree  with  Sen. 

Joseph  Lieberman,  who  stated,  "The  concept  that  federal  agencies  need  explicit 

Congressional  authorization  to  protect  Americans’  privacy  is  just  plain  wrong.  In  fact, 

our  government  is  obligated  to  ensure  that  programs  and  regulations  do  not  unduly 

jeopardize  an  individual's  right  to  privacy.”21 

The  draft  regulations  include  little  in  terms  of  privacy  safeguards: 

In  summary,  DHS  has  proposed  the  following  privacy  protections  in  its 
implementing  regulations  for  the  REAL  ID  Act:  (1)  The  State-to-State  data 
exchanges  and  the  State  data  query  of  Federal  reference  databases  will  be  State 
operated  and  governed;  (2)  as  part  of  the  State  certification  process,  States  will  be 
required  to  submit  a  comprehensive  security  plan,  including  information  as  to 
how  the  State  implements  fair  information  principles;  and  (3)  while 
acknowledging  the  benefits  of  employing  encryption  of  the  personal  information 
stored  on  the  identification  cards,  we  invite  comment  on  its  feasibility  and  costs 
and  benefits  to  ensure  that  its  costs  do  not  outweigh  the  benefits  to  privacy.22 

DHS’s  statement  that  it  is  constrained  in  its  ability  to  set  privacy  protections  for  the 

REAL  ID  system  is  a  product  of  the  agency's  mistaken  belief  that  security  and  privacy 

are  separate.  Security  and  privacy  are  intertwined;  one  cannot  have  a  secure  system  if 

privacy  safeguards  are  not  created,  as  well.  DHS  stated  that  it  “believes  that  this  language 

[in  the  REAL  ID  Act]  provides  authority  for  it  to  define  basic  security  program 

requirements  to  ensure  the  integrity  of  the  licenses  and  identification  cards.”2*  Because 

DHS  has  the  authority  to  define  basic  security  requirements,  it  also  has  the  authority  to 

set  basic  privacy  safeguards  for  the  REAL  ID  system. 


20  REAL  ID  Draft  Regulations  at  10,825,  supra  note  1. 

21  Joseph  Lieberman,  U.S.  Senator,  Statement  at  a  Hearing  on  Understanding  the  Realities  of  REAL  ID:  A 
Review  of  Efforts  to  Secure  Drivers'  Licenses  and  Identification  Cards  Before  the  Subcomm.  on  Oversight 
of  Gov't  Management,  the  Federal  Workforce  <5  the  District  of  Columbia,  S.  Comm,  on  Homeland  Sec.  & 
Governmental  Affairs,  1 10th  Cong.  (Mar.  26.  2007). 

22  REAL  ID  Draft  Regulations  at  10,826,  supra  note  1. 

23  Id. 
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The  draft  regulations  create  a  national  identification  system  that  affects  245 
million  license  and  cardholders  nationwide,  yet  DHS  is  hesitant  to  ensure  strong  privacy 
safeguards  in  the  system  itself.  DHS  has  the  obligation  to  protect  the  privacy  of  citizens 
affected  by  this  system  and  must  do  more  than  the  feeble  attempts  set  out  in  the  draft 
regulations. 

A.  Privacy  Act  Applies  Under  OMB  Guidelines 
The  Department  of  Homeland  Security  states  that  the  Privacy  Act  of  1974:J 
applies  to  only  one  part  of  the  REAL  ID  system  -  the  Problem  Driver  Pointer  System.25 
However,  the  Privacy  Act  of  1974  applies  to  the  entire  national  identification  system, 
under  guidelines  set  out  by  the  Office  of  Management  and  Budget  (“OMB"’)  and  the 
Department  of  Homeland  Security  itself. 

The  OMB  guidelines  explain  that  the  Privacy  Act  “stipulates  that  systems  of 
records  operated  under  contract  or,  in  some  instances,  State  or  local  governments 
operating  under  Federal  mandate  ‘by  or  on  behalf  of  the  agency  ...  to  accomplish  an 
agency  function'  are  subject  to  . . .  the  Act.”2'1  The  guidelines  also  explain  that  the 
Privacy  Act  “make[s]  it  clear  that  the  systems  ‘maintained'  by  an  agency  are  not  limited 
to  those  operated  by  agency  personnel  on  agency  premises  but  include  certain  systems 
operated  pursuant  to  the  terms  of  a  contract  to  which  the  agency  is  a  party.”2  The  REAL 
ID  system  is  operated  under  a  Federal  mandate  to  accomplish  several  agency  functions, 
including  immigration  control. 


24  5  U.S.C.  §  552a. 

25  REAL  ID  Draft  Regulations  at  10.826.  supra  note  1. 

26  Office  of  Mgmt.  &  Budget,  Privacy  Act  Implementation:  Guidelines  and  Responsibilities,  40  Fed.  Reg. 
28.948,  28,951  (July  9,  1975)  ["OMB  Guidelines"),  available  at 
http://www.whitehouse.20v/omb/inforeg/implementation_suidelines.pdf. 

21  Id. 
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The  REAL  ID  system  is  covered  by  the  Privacy  Act  under  the  Department  of 

Homeland  Security’s  own  policies.  In  a  policy  guidance  memorandum  from  the  agency’s 

Privacy  Office,  defines  "DHS  Information  Systems"  as  “an  Information  System  operated, 

controlled,  or  directed  by  the  U.S.  Department  of  Homeland  Security.  This  definition 

shall  include  information  systems  that  other  entities,  including  private  sector 

organizations,  operate  on  behalf  of  or  for  the  benefit  of  the  Department  of  Homeland 

Security. ”2S  The  national  system  of  interconnected  State  databases  is  “operate[dl  on 

behalf  of  or  for  the  benefit"  of  DHS.  The  Privacy  Office  also  states: 

As  a  matter  of  DHS  policy,  any  personally  identifiable  information  (PII)  that  is 
collected,  used,  maintained,  and/or  disseminated  in  connection  with  a  mixed 
system  by  DHS  shall  be  treated  as  a  System  of  Records  subject  to  the  Privacy  Act 
regardless  of  whether  the  information  pertains  to  a  U.S.  citizen.  Legal  Permanent 
Resident,  visitor,  or  alien. 

It  is  clear  that,  under  both  DHS  and  OMG  guidelines,  the  REAL  ID  national 
identification  system  is  a  system  of  records  subject  to  the  requirements  and  protections  of 
the  Privacy  Act  of  1974. 

B.  Requirements  of  Notice,  Access,  Correction  and  Judicially  Enforceable 
Redress  Must  Be  Mandated 

If  the  Department  of  Homeland  Security  creates  this  system,  the  agency  must 
fully  apply  Privacy  Act  requirements  of  notice,  access,  correction,  and  judicially 
enforceable  redress  to  the  entire  REAL  ID  national  identification  system.  Though  the 
States  are  asked  to  include  provisions  for  notice,  access,  correction  and  redress,  this  is  not 
enough.  The  Privacy  Act  protections  must  be  mandated  in  the  REAL  ID  implementation 
regulations. 


28  Privacy  Office,  Dep’t  of  Homeland  Sec.,  Privacy  Policy  Guidance  Memorandum  2  (Jan.  19,  2007), 
available  at  http://www.dhs.gov/xlibrary/assets/privacy/privacy_policyguide_2007-l  .pdf. 

25  Id.  at  I . 
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When  it  enacted  the  Privacy  Act  in  1974,  Congress  sought  to  restrict  the  amount 
of  personal  data  that  Federal  agencies  could  collect  and  required  agencies  to  be 
transparent  in  their  information  practices.'0  In  2004,  the  Supreme  Court  underscored  the 
importance  of  the  Privacy  Act’s  restrictions  upon  agency  use  of  personal  data  to  protect 
privacy  interests,  noting  that: 

“[I]n  order  to  protect  the  privacy  of  individuals  identified  in  information  systems 
maintained  by  Federal  agencies,  it  is  necessary  ...  to  regulate  the  collection, 
maintenance,  use,  and  dissemination  of  information  by  such  agencies.”  Privacy 
Act  of  1974,  §2(a)(5),  88  Stat.  1896.  The  Act  gives  agencies  detailed  instructions 
for  managing  their  records  and  provides  for  various  sorts  of  civil  relief  to 
individuals  aggrieved  by  failures  on  the  Government’s  part  to  comply  with  the 
requirements." 

The  Privacy  Act  is  intended  "“to  promote  accountability,  responsibility,  legislative 
oversight,  and  open  government  with  respect  to  the  use  of  computer  technology  in  the 
personal  information  systems  and  data  banks  of  the  Federal  Government!.]”32  It  is  also 
intended  to  guard  the  privacy  interests  of  citizens  and  lawful  permanent  residents  against 
government  intrusion.  Congress  found  that  "the  privacy  of  an  individual  is  directly 
affected  by  the  collection,  maintenance,  use,  and  dissemination  of  personal  information 
by  Federal  agencies,”  and  recognized  that  "the  right  to  privacy  is  a  personal  and 
fundamental  right  protected  by  the  Constitution  of  the  United  States.”33  It  thus  sought  to 
“provide  certain  protections  for  an  individual  against  an  invasion  of  personal  privacy”  by 
establishing  a  set  of  procedural  and  substantive  rights.34 

We  support  the  Department  of  Homeland  Security’s  requirement  that  the  States 
must  include  in  their  "comprehensive  security  plan"  an  outline  of  "how  the  State  will 


.10 

31 

32 

33 

34 


S.  Rep.  No.  93-1 183  at  1  (1974). 

Doe  v.  Chao,  540  U.S.  6 1 4.  6 1 8  (2004). 
S.  Rep.  No.  93-1 183  at  1. 

Pub.  L.  No.  93-579  (1974). 

Id. 
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protect  the  privacy  of  personal  information  collected,  disseminated  or  stored  in 
connection  with  the  issuance  of  REAL  ID  licenses  from  unauthorized  access,  misuse, 
fraud,  and  identity  theft”  and  that  the  State  has  followed  the  Fair  Information  Practices 
(these  are  practices,  not  principles,  as  listed  in  the  draft  regulations),  which  "call  for 
openness,  individual  participation  (access,  correction,  and  redress),  purpose  specification, 
data  minimization,  use  and  disclosure  limitation,  data  quality  and  integrity,  security 
safeguards,  and  accountability  and  auditing.”3'  However,  this  is  not  enough.  The  agency 
must  mandate  minimum  security  and  privacy  safeguards,  which  the  states  should  build 
upon,  to  protect  individuals  and  their  personal  information.  Also,  there  must  be  standards 
for  the  issue  of  redress.  How  will  redress  be  adjudicated  if  one  State  includes  erroneous 
information  in  an  individual’s  file  and  passes  that  information  on  to  another  State?  Will 
the  individual  have  to  petition  both  States  separately  for  redress?  Will  neither  State 
process  the  redress,  because  each  believes  it  to  be  the  responsibility  of  the  other?  The 
right  of  redress  must  be  judicially  enforceable. 

The  right  of  redress  is  internationally  recognized.  The  Organization  for  Economic 
Co-operation  and  Development  (OECD)  Guidelines  on  the  Protection  of  Privacy  and 
Transborder  Flows  of  Personal  Data  recognize  that  “the  right  of  individuals  to  access  and 
challenge  personal  data  is  generally  regarded  as  perhaps  the  most  important  privacy 
protection  safeguard.”36  The  rights  of  access  and  correction  are  central  to  what  Congress 
sought  to  achieve  through  the  Privacy  Act: 

35  REAL  ID  Draft  Regulations  at  10.826.  supra  note  1. 

36  The  OECD  Privacy  Guidelines  of  1980  apply  to  "personal  data,  whether  in  the  public  or  private  sectors, 
which,  because  of  the  manner  in  which  they  are  processed,  or  because  of  their  nature  or  the  context  in 
which  they  are  used,  pose  a  danger  to  privacy  and  individual  liberties.”  Org.  for  Econ.  Co-operation  & 

Dev.,  Guidelines  Governing  the  Protection  of  Privacy  and  Trans-Border  Flow  of  Personal  Data,  OECD 
Doc.  58  final  at  Art.  3(a)  (Sept.  23,  1980),  reprinted  in  M.  Rotenberg  Ed.,  The  Privacy  Law 
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The  committee  believes  that  this  provision  is  essential  to  achieve  an  important 
objective  of  the  legislation:  Ensuring  that  individuals  know  what  Federal  records 
are  maintained  about  them  and  have  the  opportunity  to  correct  those  records.  The 
provision  should  also  encourage  fulfillment  of  another  important  objective: 
maintaining  government  records  about  individuals  with  such  accuracy,  relevance, 
timeliness,  and  completeness  as  is  reasonably  necessary  to  assure  fairness  to 
individuals  in  making  determinations  about  them.-7 

The  Privacy  Act  requirements  that  an  individual  be  permitted  access  to  personal 

information,  that  an  individual  be  permitted  to  correct  and  amend  personal  information, 

and  that  an  agency  assure  the  reliability  of  personal  information  for  its  intended  use  must 

be  applied  to  the  entire  REAL  ID  national  identification  system.  Full  application  of  the 

Privacy  Act  requirements  to  government  record  systems  is  the  only  way  to  ensure  that 

data  is  accurate  and  complete,  which  is  especially  important  in  this  context,  where 

mistakes  and  misidentifications  are  costly. 

IV.  REAL  ID  Cards  Must  Not  Denote  Citizenship  Status 

DHS  is  considering  using  the  REAL  ID  card  in  the  Western  Hemisphere  Travel 
Initiative  border  security  program.  For  the  REAL  ID  card  to  be  compliant  under  the 
program,  it  would  need  to  include  long-range  RFID  technology,  discussed  below,  and 
“the  State  would  have  to  ensure  that  the  State-issued  REAL  ID  driver’s  license  or 
identification  card  denoted  citizenship. "1K  It  cannot  be  stressed  strongly  enough:  REAL 
ID  cards  must  not  include  citizenship  status.  If  REAL  ID  cards  were  to  signify 
citizenship,  there  would  be  intense  scrutiny  of  and  discrimination  against  individuals  who 
chose  not  to  carry  the  national  identification  card  and  those  who  “look  foreign." 


SOURCEBOOK  2004  395  (EPIC  2005.  The  OECD  Privacy  Guidelines  require,  among  other  things,  that  there 
should  be  limitations  on  the  collection  of  information;  collection  should  be  relevant  to  the  purpose  for 
which  it  is  collected;  there  should  be  a  policy  of  openness  about  the  information’s  existence,  nature, 
collection,  maintenance  and  use;  and  individuals  should  have  rights  to  access,  amend,  complete,  or  erase 
information  as  appropriate.  Id. 

,7H.R.  Rep.  No.  93-1416  at  15(1974). 

18  REAL  ID  Draft  Regulations  at  10.842,  supra  note  I. 
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V.  Standards  for  ID  Documents  Would  Burden  Many  Individuals 

Under  the  REAL  ID  Act,  States  are  required  to  obtain  and  verify  documents  from 
applicants  that  establish  “(1)  The  applicant’s  identity,  through  a  photo  identity  document, 
or  a  non-photo  identity  document  that  includes  full  legal  name  and  date  of  birth  if  a  photo 
identity  document  is  not  available;  (2)  Date  of  birth;  (3)  Proof  of  SSN  or  ineligibility  for 
an  SSN;  (4)  The  applicant's  address  of  principal  residence;  and  (5)  Lawful  status  in  the 
United  States.”39  Under  the  regulations,  the  only  documents  that  could  be  accepted  by  the 
states  to  issue  these  new  identity  cards  would  be:  (1)  valid  unexpired  U.S.  passport  or  the 
proposed  passport  card  under  the  Western  Hemisphere  Travel  Initiative;  (2)  certified 
copy  of  a  birth  certificate;  (3)  consular  report  of  birth  abroad;  unexpired  permanent 
resident  card;  unexpired  employment  authorization  document;  (4)  unexpired  foreign 
passport  with  valid  U.S.  visa  affixed;  (5)  U.S.  certificate  of  citizenship;  U.S.  certificate  of 
naturalization;  or  (6)  REAL  ID  driver’s  license  or  identification  card  (issued  in 
compliance  with  the  final  regulations).40 

The  difficult  standards  for  acceptable  identification  documents  would  limit  the 
ability  of  some  individuals  to  get  a  state  driver’s  license.  There  are  questions  as  to 
whether  some  citizens  could  produce  these  documents,  among  them  Native  Americans, 
victims  of  natural  disasters,  domestic  violence  victims,  the  homeless,  military  personnel, 
or  elderly  individuals.41  We  applaud  the  Department  of  Homeland  Security  for  attempting 
to  resolve  this  problem  by  allowing  the  States  to  voluntarily  create  an  exceptions  process 
for  extraordinary  circumstances.  However,  though  DHS  set  minimum  standards  for  data 

39  Id.  at  10,827. 

40  Id.  at  10,827-28. 

41  See  Domestic  Violence  discussion,  infra  Section  XI  (how  domestic  violence  victims  will  be  harmed  by 
the  standards);  see  Data  Verification  discussion,  infra  Section  VI  (general  problems  with  the  standards). 
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collection,  retention  and  documentation  of  the  transaction,  the  agency  did  not  set 
minimum  standards  for  eligibility,  length  of  process,  or  cost  of  process.4’  DHS  states  that 
persons  born  before  1935  might  not  have  been  issued  birth  certificates,  so  they  might  be 
eligible  for  the  exceptions  process.4'  Otherwise,  there  is  nothing  that  explains  to  either 
States  or  individuals  how  they  could  prove  eligibility,  how  long  the  process  would  take 
(days,  weeks,  months  or  even  years),  or  if  they  could  even  afford  the  cost  of  the 
exceptions  process. 

VI.  Data  Verification  Procedures  Are  Based  on  Faulty  Premises 
The  data  verification  procedures  mandated  by  the  draft  regulations  are  based  on 
faulty  premises:  DHS  relies  on  non-existing,  unavailable  or  incomplete  databases  and  the 
mistaken  belief  that  DMV  workers  can  or  should  be  turned  into  Federal  immigration 
officers.  Each  assumption  creates  more  problems  in  the  Department  of  Homeland 
Security’s  attempt  to  create  a  fundamentally  flawed  national  identification  system. 

A.  DHS  Relies  on  Verification  Databases  That  Are  Not  Available 
Under  REAL  ID,  the  states  must  verify  applicant  documents  and  data  with  the 
issuing  agency.  DHS  states  that,  “[f]or  individual  States  to  verify  information  and 
documentation  provided  by  applicants,  each  State  must  have  electronic  access  to  multiple 
databases  and  systems  ....  Secure  and  timely  access  to  trusted  data  sources  is  a 
prerequisite  for  effective  verification  of  applicant  data."44  Yet,  beyond  the  national 
identification  system  created  by  the  State-to-State  data  exchange,  two  of  four  verification 
systems  required  are  not  available  on  a  nationwide  basis  and  third  does  not  even  exist. 


42  REAL  ID  Draft  Regulations  at  10,834,  supra  note  I. 

43  Id.  at  10,822. 

44  Id.  at  10,833. 
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The  database  systems  the  States  are  required  to  verify  applicant  information 
against  are:  (1)  Electronic  Verification  of  Vital  Events  (“EWE”),  for  birth  certificate 
verification;  (2)  Social  Security  On-Line  Verification  (“SSOLV”),  for  Social  Security 
Number  verification;  (3)  Systematic  Alien  Verification  for  Entitlements  (“SAVE”),  for 
immigrant  status  verification;  and  (4)  a  Department  of  State  system  to  verify  data  from 
“U.S.  Passports,  Consular  Reports  of  Birth,  and  Certifications  of  Report  of  Birth.”45 

The  only  system  that  is  available  for  nationwide  deployment  is  SSOLV,  and  a 
survey  of  States  by  the  National  Governors  Association  found  that  even  this  database 
would  need  substantial  improvements  to  be  able  to  handle  the  workload  that  would  be 
needed  under  REAL  ID.46  EWE  is  currently  in  pilot  phase  and  only  five  states  are 
participating.4  Yet  DHS  bases  its  requirements  on  the  assumption  that  EWE  will  be 
ready  for  nationwide  expansion  by  the  implementation  deadline  May  2008.41'  The 
executive  director  of  the  organization  overseeing  the  database  has  announced  that  EWE 
will  not  be  ready  by  May  2008  and  the  system  may  not  be  ready  by  the  extended 
implementation  deadline  of  December  2009.49 

DHS  admits  that  only  20  states  are  using  SAVE,  and  that  the  planned  connection 
between  SAVE  and  another  database  for  foreign  student  status  verification  (Student  and 
Exchange  Visitor  Information  System,  “SEVIS”)  may  not  be  completed  by  the 


45  Id.  at  10,830-35;  Electronic  Verification  of  Vital  Events  (“EWE")  is  also  called  Electronic  Verification 
of  Vital  Event  Records  (“EWER")  in  some  federal  documents. 

46  Nat’l  Governors  Ass’n,  et.  al.  The  REAL  ID  Ad:  National  Impad  Analysis  (Sept.  19,  2006)  [“Governors’ 
Analysis”],  available  at  http://www.nga.org/Files/pdf/0609REALID.PDF. 

47  Nat'l  Ass’n  for  Public  Health  Statistics  &  Info.  Systems,  Electronic  Verification  of  Vital  Events  (EWE), 
http://www.naphsis.org/projects/index.asp?bid=403. 

4N  REAL  ID  Draft  Regulations  at  10,831.  supra  note  1. 

49  Eleanor  Stables,  Multi-Billion  Dollar  Real  ID  Program  May  Be  Stymied  Due  to  $3  Million  Shortfall,  CQ, 
Mar.  15,2007. 
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implementation  deadline  of  May  2008.'"  The  State  Department  system  to  verify  passports 
and  some  reports  of  births  has  not  even  been  created,  but  DHS  bases  its  mandates  on  the 
assumption  that  the  system  “is  eventually  developed.'"1 

B.  DMV  Workers  Cannot  and  Should  Not  Become  Immigration  Officials 
Under  the  regulations.  State  DMV  employees  would  need  to  authenticate  license 
and  identification  card  applicants’  source  documents,  which  means  the  employees  would 
be  required  to  physically  inspect  the  documents  and  “verify!]  that  the  source  document 
presented  under  these  regulations  is  genuine  and  has  not  been  altered.”52  These  source 
documents  are:  (1)  valid  unexpired  U.S.  passport  or  the  proposed  passport  card  under  the 
Western  Hemisphere  Travel  Initiative;  (2)  certified  copy  of  a  birth  certificate;  (3) 
consular  report  of  birth  abroad;  unexpired  permanent  resident  card;  unexpired 
employment  authorization  document;  (4)  unexpired  foreign  passport  with  valid  U.S.  visa 
affixed;  (5)  U.S.  certificate  of  citizenship;  U.S.  certificate  of  naturalization;  or  (6)  REAL 
ID  driver’s  license  or  identification  card  (issued  in  compliance  with  the  final 
regulations).55 

State  DMV  employees  would  be  required  to  verify  these  documents,  including 
Federal  immigration  documents,  though  they  have  no  training  to  do  so.  DHS 
contemplates  this  problem  and  seeks  to  solve  it  by  requiring  that  DMV  employees 
handling  source  documents  undergo  12  hours  of  "fraudulent  document  recognition” 
training.54  A  review  of  the  Social  Security  Administration  found  that  staff  had  difficulty 
recognizing  counterfeit  documents,  though  it  is  their  primary  job  to  verify  these 

50  REAL  ID  Draft  Regulations  at  10.833.  supra  note  1. 

51  Id.  at  10,832. 

52  Id.  at  10,850. 

53  Id.  at  10,827-28. 

54  Regulatory  Evaluation  at  1 22,  supra  note  1 8. 
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documents  before  issuing  SSN.  For  example,  the  Government  Accountability  Office 
review  reported  difficulty  with  detection  of  fraudulent  birth  certificates.  In  one  case,  a 
fake  in-state  birth  certificate  was  detected,  but  “SSA  staff  acknowledged  that  if  a 
counterfeit  out-of-state  birth  certificate  had  been  used,  SSA  would  likely  have  issued  the 
SSN  because  of  staff  unfamiliarity  with  the  specific  features  of  numerous  state  birth 
certificates.”55  It  is  questionable  how  well  State  DMV  employees  would  be  able  to  spot 
fraudulent  documents,  especially  documents  as  rarely  seen  as  consular  reports  of  birth 
abroad,  with  merely  12  hours  of  training  when  it  is  difficult  for  counterfeit  documents  to 
be  spotted  by  federal  employees  whose  primary  job  is  verification  of  source  documents. 
Also,  if  a  State  DMV  employee  determines  that  an  applicant’s  source  documents  are 
fraudulent,  where  could  the  applicant  turn?  No  redress  procedure  has  been  created.5'’ 

VII.  Minimum  Data  Elements  on  MRT  Must  Remain  Minimum 

Under  REAL  ID,  the  following  amount  of  information,  at  a  minimum,  must  be  on 
the  REAL  ID  card:  (1)  full  legal  name;  (2)  date  of  birth;  (3)  gender;  (4)  driver’s  license  or 
identification  card  number;  (5)  digital  photograph  of  the  person;  (6)  address  of  principal 
residence;  (7)  signature;  (8)  physical  security  features;  (9)  a  common  machine  readable 
technology,  with  defined  minimum  data  elements;  and,  (10)  card  issue  and  expiration 
date.57  The  REAL  ID  card  will  include  a  2D  barcode  as  its  machine  readable  technology. 
To  protect  privacy  and  improve  security,  this  machine  readable  technology  must  either 
include  encryption,  which  is  recommended  by  the  DHS  Privacy  Office,  or  access  must  be 
limited  in  some  other  form.  Leaving  the  machine  readable  zone  open  would  allow 

55  Gov’t  Accountability  Office,  Social  Security  Administration:  Actions  Taken  to  Strengthen  Procedures  for 
Issuing  Social  Security  Numbers  to  Noncitizens,  but  Some  Weaknesses  Remain,  GAO-04- 12  (Oct.  2003), 
available  at  http://www.gao.gov/cgi-bin/getrpt7GAO-04-12. 

56  See  Privacy  Act  discussion,  supra  Section  III. 

57  REAL  ID  Draft  Regulations  at  10.8435,  supra  note  1. 
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unfettered  third-party  access  to  the  data  and  leave  245  million  license  and  cardholders 
nationwide  at  risk  for  individual  tracking. 

A.  Access  to  Data  Must  Be  Limited 

Under  the  required  changes  to  the  design  of  State  licenses  and  identification 
cards,  DHS  states  the  card  must  include  “[pjhysical  security  features  designed  to  prevent 
tampering,  counterfeiting,  or  duplication  of  the  document  for  fraudulent  purpose"  and 
“common  [machine-readable  technology],  with  defined  minimum  data  elements.”5*  The 
Federal  agency  will  require  the  use  of  a  two-dimensional  bar  code,  but  will  not  require 
the  use  of  encryption.  Though  Homeland  Security  lays  out  the  privacy  and  security 
problems  associated  with  creating  an  unencrypted  machine  readable  zone  on  the  license, 
it  does  not  require  encryption  because  there  are  concerns  about  “operational 
complexity.”59 

The  Department  of  Homeland  Security’s  own  Privacy  Office  has  urged  the  use  of 
encryption  in  REAL  ID  cards.  In  its  Privacy  Impact  Assessment  of  the  draft  regulations, 
the  Privacy  Office  supported  encryption  "because  2D  bar  code  readers  are  extremely 
common,  the  data  could  be  captured  from  the  driver’s  licenses  and  identification  cards 
and  accessed  by  unauthorized  third  parties  by  simply  reading  the  2D  bar  code  on  the 
credential”  if  the  data  is  left  unencrypted.60  DHS  says  that,  “while  cognizant  of  this 
problem,  DHS  believes  that  it  would  be  outside  its  authority  to  address  this  issue  within 


58  Id.  at  10,835. 

59  Id.  at  10,826. 

60  Dep't  of  Homeland  Sec.  Privacy  Office.  Privacy  Impact  Assessment  for  the  REAL  ID  Act  1 6  (Mar.  1 , 
2007)  [“Privacy  Impact  Assessment  of  Draft  Regulations"],  available  at 
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_realid.pdf  and 
http://www.epic.org/privacy/id_cards/pia_030107.pdf. 
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this  rulemaking.”61  As  we  have  previously  stated.  DHS  has  the  obligation  to  protect  the 
privacy  of  individuals  from  whom  they  collect  data,  and  the  agency  should  not  abdicate 
this  responsibility.62  Imposing  a  requirement  for  the  States  to  use  unencrypted  machine 
readable  technology  renders  the  cardholder  unable  to  control  who  receives  her  data. 

If,  however,  the  agency  determines  that  it  will  not  use  encryption  because  of 
concerns  about  the  complexity  of  public  key  regulation,  there  is  another  approach  that 
would  better  protect  the  privacy  of  individuals  than  unfettered  access  to  the  machine 
readable  zone.  We  suggest  that  no  personal  data  be  placed  on  the  machine  readable  zone. 
Instead,  place  a  new  identifier  that  is  unused  elsewhere  (i.e.,  not  the  driver’s  license 
number  or  Social  Security  Number).  This  unique  identifier  will  "point”  to  the  records  in 
the  national  database.  Access  to  the  database  can  be  controlled  by  password  and 
encryption  security,  because  it  is  easier  to  regulate  public  keys  in  this  scenario.  Also,  the 
State  should  ensure  that  a  new  unique  identifier  is  created  each  time  the  machine  readable 
zone  is  renewed  or  reissued,  in  order  to  make  the  identifier  less  useful  as  an  everyday  ID 
number  -  people  would  not  be  forever  linked  to  this  identifier.  This  approach  would 
improve  data  security  and  privacy. 

It  is  possible  to  use  a  “pointer”  system  in  the  machine  readable  zone,  because  the 
REAL  ID  Act  did  not  set  out  what  minimum  document  requirements  on  the  machine 
readable  zone  need  to  be.  The  Act  reads,  “(9)  a  common  machine-readable  technology, 
with  defined  minimum  data  elements.”6'  Also,  in  the  draft  regulations.  DHS  requests 
comments  on  “[w]hether  the  data  elements  currently  proposed  for  inclusion  in  the 

61  REAL  ID  Draft  Regulations  at  10,837,  supra  note  I . 

62  See  Privacy  Act  discussion,  supra  Section  III  (federal  agencies  have  the  obligation  to  protect  the  privacy 
rights  of  individuals  from  whom  they  collect  information). 

63  Pub.  L.  No.  109-13,  1 19  Stat.  231, 312,  §  202(b)(9)  (2005). 
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machine  readable  zone  of  the  driver's  license  or  identification  card  should  be  reduced  or 


expanded.”64  We  recommend  against  putting  any  personal  data  on  the  machine  readable 
zone  and  only  placing  this  unique  identifier.  In  this  way.  access  to  the  data  can  be  more 
tightly  controlled. 

DHS  is  required  to  include  security  protections  on  the  REAL  ID  card.  Under  the 
REAL  ID  Act,  the  card  must  include  '‘(8)  Physical  security  features  designed  to  prevent 
tampering,  counterfeiting,  or  duplication  of  the  document  for  any  fraudulent  purpose.”6* 

If  DHS  does  not  seek  to  limit  access  to  the  data  on  the  REAL  ID  card,  then  it  is  signaling 
that  it  is  acceptable  for  third  parties  to  download,  access  and  store  the  data  for  purposes 
beyond  the  three  official  purposes  set  out  in  the  draft  regulations:  “accessing  Federal 
facilities,  boarding  commercial  aircraft,  and  entering  nuclear  power  plants.”66  Though 
DHS  has  contemplated  expanding  the  uses  for  the  REAL  ID  card,  such  an  expansion 
would  harm  both  individual  privacy  and  security  and  quickly  turn  the  United  States  into  a 
country  where  the  national  identification  card  is  involuntarily  carried  by  everyone. 

B.  Unfettered  Data  Access  Threatens  Individual  Privacy 

If  personal  data  is  placed  on  the  machine  readable  zone  of  the  REAL  ID  card, 
then  access  to  this  data  must  be  limited  or  individual  privacy  will  be  threatened. 

Unlimited  access  to  this  data  will  allow  unauthorized  third  parties  to  download,  access 
and  store  the  personal  data  of  any  REAL  ID  cardholder. 

The  REAL  ID  Act  mandates  that  the  REAL  ID  card  include  “(8)  Physical  security 
features  designed  to  prevent  tampering,  counterfeiting,  or  duplication  of  the  document  for 


64  REAL  ID  Draft  Regulations  at  10,842,  supra  note  I . 

65  Pub.  L.  No.  109-13,  1 19  Stat.  231, 312,  §  202(b)(8)  (2005). 

66  REAL  ID  Draft  Regulations  at  10,823,  supra  note  I . 
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any  fraudulent  purpose.”6  Allowing  universal  access  to  personal  data  contained  on  the 
REAL  ID  card  would  facilitate  identity  theft  and  security  breaches.  In  the  privacy  impact 
assessment  of  the  draft  regulations,  the  Department  of  Homeland  Security  Privacy  Office 
urges  encryption  for  the  REAL  ID  machine  readable  zone.  It  explains  that  unsecured 
digital  data  raises  the  risk  of  “skimming,”  where  one  “expos[es]  the  information  stored  on 
the  credential  to  unauthorized  collection. This  risk  is  not  theoretical,  the  Privacy  Office 
says,  because  “[r]eaders  for  the  2D  bar  code  are  readily  available  for  purchase  on  the 
Internet  and  at  a  very  low  cost,  which  permits  unauthorized  third  parties  to  skim  the 
information  for  their  own  business  needs  or  to  sell  to  other  third  parties.”69  Such 
skimming  is  often  done  without  the  individual's  knowledge  or  consent. 

A  recent  case  illustrates  the  security  threat  posed  by  open  access  to  personal  data 
on  a  machine  readable  technology.  Last  month.  New  York  prosecutors  charged  thirteen 
people  in  a  counterfeiting  ring  where  restaurant  servers  on  the  East  Coast  (from 
Connecticut  to  Florida)  skimmed  data  from  customers’  credit  cards.71'  “They  used  small 
hand-held  devices,  about  the  size  of  a  cigarette  package  that  could  be  kept  in  a  pocket,  to 
record  information  encoded  in  the  magnetic  strips  of  credit  cards.”71  For  a  year  and  a  half, 
the  illegally  gathered  data  was  used  to  create  fake  credit  cards  and  buy  merchandise  that 
the  criminals  resold.77  The  financial  data  was  easily  accessed,  downloaded  and  misused 
by  the  criminals  because  anyone  with  a  skimmer  device  was  able  to  read  the  unprotected 
machine  readable  zones. 


67 

68 

69 

70 

71 

72 


Pub.  L.  No.  109-13,  1 19  Stat.  231. 312,  §  202(b)(8)  (2005). 

Privacy  Impact  Assessment  of  Draft  Regulations  at  14. 

Privacy  Impact  Assessment  of  Draft  Regulations  at  14. 

Anemona  Hartocollis,  $3  Million  Lost  to  Fraud  Ring,  Authorities  Say,  N.Y.  Times,  April  21, 2007. 


Id. 

Id. 
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Some  States  are  already  facing  problems  with  unauthorized  parties  accessing 
license  and  ID  card  data.  California,  Nebraska,  New  Hampshire,  and  Texas  have  laws 
restricting  the  skimming  of  such  data.  '  In  November,  the  New  Jersey  Motor  Vehicle 
Commission  sent  letters  to  bar,  restaurant  and  retail  organizations  explaining  that  they 
must  stop  scanning  and  downloading  their  patrons’  license  data.  4  Such  actions  violate  the 
state  Digital  Driver  License  Act,  as  well  as  the  state  and  federal  Drivers  Privacy 
Protection  Acts,  according  to  the  commission.7'  Yet  at  least  one  establishment  expressed 
reluctance  to  stop  downloading  and  storing  their  customers’  personal  data,  even  in  the 
face  of  legal  action  from  the  State.76  Today,  different  States  have  different  ID  cards  with  a 
variety  of  data  and  security  features.  Imagine  what  would  happen  if  245  million  cards 
nationwide  had  personal  data  in  the  exact  same  open  access  format. 

When  a  person  hands  over  her  license  or  ID  card  today,  the  data  is  not  routinely 
downloaded  and  stored.  A  grocery  store  clerk  or  club  bouncer  usually  merely  looks  at  the 
card,  verifies  age  or  address,  and  then  hands  the  card  back  to  the  individual.  No 
transaction  is  recorded.  However,  universal  access  to  the  machine  readable  zone  of  the 
REAL  ID  card  would  allow  the  data  to  be  downloaded,  stored  and  transferred  without  the 
knowledge  or  permission  of  the  individual  cardholder.  A  digital  transaction  would  be 
recorded  and  a  digital  trail  could  be  created. 

For  example,  let’s  follow  Douglas  Osborne  for  one  weekend  in  the  near  future,  if 
the  national  identification  system  is  created  and  the  machine  readable  zone  left  open  for 
universal  access.  On  Friday  night,  Doug  went  to  Eighteenth  Street  Lounge  at  8  p.m.  with 

7!  Privacy  Impact  Assessment  of  Draft  Regulations  at  15. 

74  Ian  T.  Shearn,  License  scanning  is  illegal,  stale  says.  Star- Led cer  (NJ),  Nov.  23,  2006. 

15  Id. 
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four  friends,  where  their  REAL  ID  cards  were  scanned  and  their  personal  data  accessed 
and  stored.  At  9:35  p.m.,  he  went  to  Club  Five  with  the  same  four  friends,  where  their 
REAL  ID  cards  were  scanned  and  their  personal  data  accessed  and  stored.  On  Saturday 
afternoon,  Doug  bought  two  six-packs  of  Harpoon  beer  at  12:27  p.m.  at  a  Safeway  in 
Capitol  Hill,  where  Doug's  REAL  ID  data  was  scanned  and  stored.  On  Saturday  night, 
Doug  and  two  friends  took  the  5: 10  flight  to  Atlantic,  where  their  cards  were  scanned  and 
their  information  stored.7  At  1 1:37  p.m.,  Doug  and  his  two  friends  checked  into  a  hotel, 
where  their  ID  cards  were  scanned  and  their  data  downloaded.  On  Sunday  morning,  one 
of  Doug’s  friends  buys  cigarettes  at  a  casino,  and  his  REAL  ID  is  scanned  and  his  data 
stored  at  1 1 :04  a.m.  The  digital  trail  could  continue  indefinitely.  Individuals  could  easily 
be  tracked  from  location  to  location  as  they  went  about  their  daily  lives.  Add  to  the 
REAL  ID  trail  the  information  that  could  be  gleaned  from  individuals’  credit  card 
transactions,  and  you  have  complete  consumer  profiles  for  which  many  companies  would 
pay  dearly. 

DHS  must  include  in  restrictions  against  the  addition  of  data  beyond  that  defined 
in  the  REAL  ID  Act.  To  allow  additional  data  on  the  machine  readable  zone  is  to  increase 
the  likelihood  of  the  REAL  ID  card  becoming  the  default  identification  documents  for 
everyday  transactions;  this  would  increase  the  incentive  for  third  parties  to  gather  and 
store  individuals’  data,  and  substantially  increase  the  card's  value  to  marketers  and 
criminals.  Expansion  of  the  data  collected,  uses  allowed,  and  users  authorized  would 
greatly  increase  both  threats  to  the  security  and  privacy  of  personal  data. 


77  “Because  REAL  IDs  use  a  common  MRT,  the  Transportation  Security  Administration  (TSA)  considered 
requiring  the  use  of  machine  readers  on  REAL  IDs  at  airports.  At  this  time  TSA  has  rejected  [the  plan]’’ 
(emphasis  added).  Regulatory  Evaluation  at  58,  supra  note  1 8. 
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C.  Use  of  RFID  Technology  Increases  Vulnerability  of  Data 

DHS  contemplates  using  the  REAL  ID  system  as  part  of  its  Federal  border 
security  program  and  requested  comments  on  how  States  could  incorporate  long-range 
radio  frequency  identification  (“RFID”)  technology  into  the  REAL  ID  card  so  that  it 
could  be  used  as  part  of  the  Western  Hemisphere  Travel  Initiative.  s  Many  groups  have 
urged  against  the  use  of  RFID  technology  in  identification  documents.  There  are 
significant  privacy  and  security  risks  associated  with  the  use  of  RFID-enabled 
identification  cards,  particularly  if  individuals  are  not  able  to  control  the  disclosure  of 
identifying  information.  The  Department  of  State  recognized  these  security  and  privacy 
threats  and  changed  its  E-Passport  proposal  because  of  them;  the  Department  of 
Homeland  Security  ("DHS")  has  just  abandoned  a  plan  to  include  RFID  chips  in  border 
identification  documents  because  the  pilot  test  was  a  failure;  and  both  the  Department  of 
Homeland  Security’s  Data  Privacy  and  Integrity  Advisory  Committee  and  the 
Government  Accountability  Office  recently  cautioned  against  the  use  of  RFID 
technology  in  identification  documents. 

Privacy  and  security  risks  associated  with  RFID-enabled  identification  cards 
include  “skimming”  and  "eavesdropping.”  Skimming  occurs  when  an  individual  with 
unauthorized  RFID  reader  gathers  information  from  an  RFID  chip  without  the 
cardholder’s  knowledge.  Eavesdropping  occurs  when  an  unauthorized  individual 
intercepts  data  as  it  is  read  by  an  authorized  RFID  reader.  In  the  absence  of  effective 
security  techniques,  RFID  tags  are  remotely  and  secretly  readable.  Although  the  creation 

78  REAL  ID  Draft  Regulations  at  10.842.  supra  note  1 ;  see  EPIC.  Spotlight  on  Surveillance.  Homeland 
Security  PASS  Card:  Leave  Home  Without  It  (Aug.  2006), 

http://www.epic.org/privacy/surveillance/spotlight/0806/  (why  the  Western  Hemisphere  Travel  Initiative’s 
proposed  passport  card  creates  security  threats);  EPIC's  Page  on  Radio  Frequency  Identification  (RFID) 
Systems,  http://www.epic.org/privacy/rfid/. 
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of  a  small,  easily  portable  RFID  reader  may  be  complex  and  expensive  now,  it  will  be 
easier  as  time  passes.  For  example,  the  distance  necessary  to  read  RFID  tags  was  initially 
thought  to  be  a  few  inches.  In  the  now-abandoned  pilot  test,  the  Department  of  Homeland 
Security  said,  “reliable  reads  can  be  received  from  a  few  inches  to  as  much  as  30  feet 
away  from  the  reader.  ”7<'  Other  tests  also  have  shown  that  RFID  tags  can  be  read  from  70 
feet  or  more,  posing  a  significant  risk  of  unauthorized  access.80 

Some  attacks  already  have  succeeded  against  so-called  “strengthened” 
identification  documents.  In  one  case,  a  computer  expert  was  able  to  clone  the  United 
Kingdom's  electronic  passport  by  using  a  commercially  available  RFID  reader  (which 
cost  less  than  $350)  and  software  that  took  him  less  than  a  couple  of  days  to  write.81  In 
assessing  the  new  RFID-enabled  U.S.  passports,  one  expert  cloned  the  RFID  tag  and 
another  used  characteristics  of  the  radio  transmissions  to  identify  individual  chips,  and 
those  researchers  spent  only  a  few  weeks  attacking  the  RFID-enabled  passports.82 

Another  security  risk  of  RFID-enabled  identification  cards  is  that  of  clandestine 
tracking.  An  unauthorized  RFID  reader  could  be  constructed  to  mimic  the  authorized 
signal  and  then  be  used  to  secretly  read  the  RFID  tag  embedded  in  the  identification  card. 
The  Government  Accountability  Office  has  highlighted  this  security  problem  unique  to 
wireless  technology: 

The  widespread  adoption  of  the  technology  can  contribute  to  the  increased 
occurrence  of  these  privacy  issues.  As  previously  mentioned,  tags  can  be  read  by 
any  compatible  reader.  If  readers  and  tags  become  ubiquitous,  tagged  items 

79  Dep't  of  Homeland  Sec..  Notice  with  request  for  comments.  70  Fed.  Reg.  44934.  44395  (Aug.  5.  2005), 
available  at  http://frwebgate  1  .access.gpo.gov/cgi- 

bin/waisgate.cgi?WAISdocID=02 1 420363270+2+0 +0&WAISaction=retrieve. 

80 See  Ziv  Kfir  and  Avishai  Wool,  Picking  Virtual  Pockets  using  Relay  Attacks  on  Contactless  Smartcard 
Systems  (Feb.  22,  2005),  available  at  http://eprint.iacr.org/2005/052;  Scott  Bradner,  An  RFID  warning  shot. 
Network  World,  Feb.  7,  2005. 

81  Steve  Boggan,  Special  Report:  Identity  Cards:  Cracked  It!.  Guardian,  Nov.  17.  2006. 

82  Bruce  Schneier.  Opinion.  The  ID  Chip  You  Don't  Want  in  Your  Passport.  Wash.  Post,  Sept.  16,  2006. 
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carried  by  an  individual  can  be  scanned  unbeknownst  to  that  individual.  Further, 
the  increased  presence  of  readers  can  provide  more  opportunities  for  data  to  be 
collected  and  aggregated.*  ' 

So  long  as  the  RFID  tag  or  chip  can  be  read  by  unauthorized  individuals,  the  person 
carrying  that  tag  can  be  distinguished  from  any  other  person  carrying  a  different  tag. 
Individuals,  unlike  commercial  products  with  RFID  tags,  should  have  the  right  to  control 
the  disclosure  of  their  identifying  information. 

The  federal  government  should  be  fully  aware  by  now  of  the  problems  raised  by 
an  insecure  RFID  scheme.  In  April  2005,  EPIC,  the  Electronic  Frontier  Foundation,  and 
other  groups  submitted  comments  urging  the  State  Department  to  abandon  its  E-Passport 
proposal,  because  it  would  have  made  personal  data  contained  in  hi-tech  passports 
vulnerable  to  unauthorized  access.*4  After  the  Department  of  State  received  more  than 
2,400  comments  on  its  notice  for  proposed  rulemaking  on  RFID-enabled  passports,  many 
of  which  criticized  its  serious  disregard  of  security  and  privacy  safeguards,  the  agency 
said  it  would  implement  Basic  Access  Control  in  an  attempt  to  prevent  skimming  and 
eavesdropping.*5  The  use  of  RFID-enabled  identification  documents,  without  including 
Basic  Access  Control  and  other  safeguards,  contravenes  the  Department  of  State’s 
incorporation  of  basic  security  features  into  new  U.S.  passports.*6 

In  2005,  DHS  began  testing  RFID-enabled  1-94  forms  in  its  United  States  Visitor 
and  Immigrant  Status  Indicator  Technology  (“US-VISIT")  program  to  track  the  entry  and 


83  Gov’t  Accountability  Office.  Report  to  Congressional  Requesters:  Information  Security:  Radio 
Frequency  Identification  Technology  in  the  Federal  Government,  GAO-05-55 1  (May  2005),  available  at 
http://www.gao.gov/new.items/d0555 1  .pdf. 

84  EPIC,  EFF.  et.  al.  Comments  on  RIN  1400-AB93:  Electronic  Passport  (Apr.  4.  2005).  available  at 
http://www.epic.org/privacy/rfid/rfid_passports-0405.pdf. 

85  Dep’t  of  State,  Notice  of  Proposed  Rule,  70  Fed.  Reg.  8305  (Feb.  18.  2005),  available  at 
http://a257.g.akamaitech.net/7/257/2422/0ljan2005l800/edocket.access.gpo.gov/2005/05-3080.htm. 

8,1  See  Kim  Zetter,  Feds  Rethinking  RFID  Passport.  Wired.  Apr.  26,  2005:  Eric  Lipton.  Bowing  to  Critics, 
U.S.  to  Alter  Design  of  Electronic  Passports,  N.Y.  Times,  Apr.  27,  2005. 
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exit  of  visitors.8  The  RFID-enabled  forms  stored  a  unique  identification  number,  which 
is  linked  to  data  files  containing  foreign  visitors’  personal  data.8x  EPIC  warned  that  this 
flawed  proposal  would  endanger  personal  privacy  and  security,  citing  the  plan’s  lack  of 
basic  privacy  and  security  safeguards.8'1  The  Department  of  Homeland  Security's 
Inspector  General  echoed  EPIC’s  warnings  in  a  July  2006  report.  The  Inspector  General 
found  “security  vulnerabilities  that  could  be  exploited  to  gain  unauthorized  or  undetected 
access  to  sensitive  data”  associated  with  people  who  carried  the  RFID-enabled  1-94 
forms.90  A  report  released  by  the  Government  Accountability  Office  in  late  January 
identified  numerous  performance  and  reliability  issues  in  the  15-month  test.91  The  many 
problems  with  the  RFID-enabled  identification  system  led  Homeland  Security  Secretary 
Michael  Chertoff  to  admit  in  Congressional  testimony  on  February  9th  that  the  pilot 
program  had  failed,  stating  “yes,  we’re  abandoning  it.  That’s  not  going  to  be  a  solution” 
for  border  security.92 


87  Dep't  of  Homeland  Sec.,  Notice  With  Request  For  Comments:  United  States  Visitor  and  Immigrant 
Status  Indicator  Technology  Notice  on  Automatic  Identification  of  Certain  Nonimmigrants  Exiting  the 
United  States  at  Select  Land  Border  Ports-of- Entry,  70  Fed.  Reg.  44934  (Aug.  5,  2005),  available  at 
http://frwebgate  1  .access.gpo.gov/cgi- 

dbin/waisgate.cgi?W  AlSdocID=02 1 420363270+2+0 +0&WAISaction=retrieve. 

88  The  data  includes  biographic  information,  such  as  name,  date  of  birth,  country  of  citizenship,  passport 
number  and  country  of  issuance,  complete  U.S.  destination  address,  and  digital  Fingerscans.  Dep't  of 
Homeland  Sec.,  Notice  of  Availability  of  Privacy  Impact  Assessment,  70  Fed.  Reg.  39300,  39305  (July  7, 
2005),  available  at 

http://a257.g.akamaitech.  net/7 /257/2422/0 1 jan2005 1 800/edocket.access.gpo.gov/2005/05- 1 337 1  .htm. 

8,1  EPIC,  Comments  on  Docket  No.  DHS-2005-001 1 :  Notice  With  Request  For  Comments:  United  States 
Visitor  and  Immigrant  Status  Indicator  Technology  Notice  on  Automatic  Identification  of  Certain 
Nonimmigrants  Exiting  the  United  States  at  Select  Land  Border  Ports-of-Entry  (Dec.  8,  2005),  available  at 
http://www.epic.org/privacy/us-visit/100305_rfid.pdf. 

l|"  Dep’t  of  Homeland  Sec.  Inspector  Gen..  Additional  Guidance  and  Security'  Controls  Are  Needed  Over 
Systems  Using  RFID  at  DHS  ( Redacted )  7  (July  2006).  available  at 
http://www.dhs.gov/xoig/assets/mgmtrpls/OIGr_06-53_Jul06.pdf. 

91  Richard  M.  Stana,  Dir.,  Homeland  Sec.  &  Justice  Issues,  Gov’t  Accountability  Office,  Testimony  Before 
the  Subcom.  on  Terrorism,  Tech.,  <£  Homeland  Sec.,  S.  Comm,  on  the  Judiciary,  1 10th  Cong.  (Jan.  31, 
2007),  available  at  http://www.gao.gov/new.items/d07378t.pdf. 

92  Michael  Chertoff,  Sec’y,  Dep’t  of  Homeland  Sec.,  Testimony  at  a  Hearing  on  the  Fiscal  Year  2008  Dep  't 
of  Homeland  Sec.  Budget  Before  the  H.  Comm,  on  Homeland  Sec.,  1 10th  Cong.  (Feb.  9,  2007),  available  at 
http://www.epic.org/privacy/us-visit/chertoff_020907.pdf. 
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In  Congressional  testimony  in  March,  a  GAO  official  cautioned  against  the  use  of 
RFID  technology  to  track  individuals.  “Once  a  particular  individual  is  identified  through 
an  RFID  tag,  personally  identifiable  information  can  be  retrieved  from  any  number  of 
sources  and  then  aggregated  to  develop  a  profile  of  the  individual.  Both  tracking  and 
profiling  can  compromise  an  individual’s  privacy,”  the  GAO  said.''5  The  GAO  reiterated 
the  many  problems  with  the  failed  US-VISIT  RFID  project  and  expressed  concern  that, 
despite  this  failure,  DHS  endorsed  the  use  of  RFID  in  the  Western  Hemisphere  Travel 
Initiative  PASS  Card. 

In  December,  the  Department  of  Homeland  Security  Data  Privacy  and  Integrity 
Advisory  Committee  adopted  a  report,  “The  Use  of  RFID  for  Identity  Verification,” 
which  included  recommendations  concerning  the  use  of  RFID  in  identification 
documents.94  The  committee  outlined  security  and  privacy  threats  associated  with  RFID 
similar  to  the  ones  discussed  below,  and  it  urged  against  RFID  use  unless  the  technology 
is  the  “least  intrusive  means  to  achieving  departmental  objectives.”95  It  is  clear  that  the 
RFID  technology  outweigh  its  benefits  and  should  not  be  used  in  identification 
documents. 

VIII.  Uniform  License  Design  Would  Cause  Discrimination  Against 
Non-REAL  ID  Cardholders 


93  Linda  D.  Koontz.  Dir.,  Info.  Mgmt.  Issues,  Gov’t  Accountability  Office,  Testimony 

Before  the  Subcom.  on  Homeland  Sec.,  H.  Conun.  on  Appropriations,  1 10th  Cong.  (Apr.  14,  2007), 
available  at  http://www.gao.gov/new.items/d07630t.pdf. 

94  Dep’t  of  Homeland  Sec..  Data  Privacy  &  Integrity  Advisory  Comm.,  The  Use  of  RFID  for  Human 
Identity  Verification  ( Report  No.  2006-02)  (Dec.  6,  2006),  available  at 
http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_l2-2006_rpt_RFID.pdf. 

95  Id.  at  2. 
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The  Department  of  Homeland  Security  contemplates  a  universal  design  for 
compliant  and  non-compliant  REAL  ID  cards.96  A  universal  design,  especially  for  a  card 
including  citizenship  status,  would  cause  irreparable  harm,  as  it  would  foster  suspicion  of 
those  who  do  not  wish  to  carry  the  REAL  ID  card.  Uniform  design  for  a  national 
identification  card  would  also  create  an  enormous  security  risk. 

A.  Universal  Design  Would  Foster  Suspicion  of  Innocent  Individuals 

The  agency  is  considering  a  uniform  REAL  ID  card  design,  asking  for  comments 
on  “[wjhether  DHS  should  standardize  the  unique  design  or  color  required  for  non-REAL 
ID  under  the  REAL  ID  Act  for  ease  of  nationwide  recognition,  and  whether  DHS  should 
also  implement  a  standardized  design  or  color  for  REAL  ID  licenses.”9'  Mandating 
distinct  designs  or  colors  for  both  REAL  ID  and  regular  licenses  and  identification  cards 
and  requiring  non-REAL  ID  driver’s  licenses  or  ID  cards  to  have  explicit  “invalid  for 
federal  purposes”  designations  turns  this  “voluntary”  card  into  a  mandatory  national  ID 
card.  It  would  divide  the  country  into  two  -  people  with  the  REAL  ID  card  and  those 
without  -  and  anyone  with  a  different  license  or  ID  card  would  be  instantly  suspicious. 
Significant  delay,  complication  and  possibly  harassment  or  discrimination  would  fall 
upon  those  who  choose  not  to  carry  a  REAL  ID  card. 

B.  Official  and  Unofficial  Purposes  of  REAL  ID  Must  Not  Be  Increased 
According  to  DHS,  State  driver’s  licenses  and  identification  cards  must  meet 

standards  set  out  in  the  regulations  to  be  accepted  for  Federal  use  under  REAL  ID.  Such 
Federal  purposes  include  entering  Federal  facilities,  boarding  commercial  aircraft, 
entering  nuclear  power  plants,  and  “any  other  purposes  that  the  Secretary  shall 

96  REAL  ID  Draft  Regulations  at  10,841-42,  supra  note  I. 

97  Id.  at  10,842. 
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determine,”  but  the  limitation  on  use  to  the  three  enumerated  purposes  are  “for  the  time 
being.”98  The  Department  of  Homeland  Security,  via  the  draft  regulations  and  Homeland 
Security  Secretary  Michael  Chertoff,  contemplates  expanding  the  use  of  the  national 
identification  system. 

In  the  draft  regulations,  the  agency  seeks  comments  on  "how  DHS  could  expand 
[the  card’s  official  purposes]  to  other  federal  activities."9''  In  a  February  speech.  Secretary 
Chertoff  said  he  envisioned  the  REAL  ID  licenses  "dofingl  double-duty  or  triple-duty.”10" 
These  national  identification  cards  would  "be  used  for  a  whole  host  of  other  purposes 
where  you  now  have  to  carry  different  identification.”""  The  agency  also  may  use  the 
REAL  ID  card  in  the  Western  Hemisphere  Travel  Initiative  program  -  if  citizenship  is 
denoted  on  the  card  and  long-range  RFID  technology  added.102 

In  the  agency’s  economic  analysis  of  REAL  ID  implementation,  reducing  ID  theft 
is  listed  as  one  of  the  potential  ancillary  benefits  of  the  national  identification  system. 
However,  the  agency  says  that  the  potential  benefit  would  depend  on  a  vast  expansion  of 
REAL  ID  uses  from  the  three  official  purposes  required  in  the  draft  regulations;  DHS 
suggests  what  is  needed  is  “incidental  and  required  use  of  REAL  ID  documents  in 
everyday  transactions.”101  DHS  envisions  that  employers,  social  service  agencies 


Regulatory  Evaluation  at  30,  supra  note  18. 

'w  REAL  ID  Draft  Regulations  at  10.823.  supra  note  1. 

100  Michael  Chertoff.  Sec’y,  Dep't  of  Homeland  Sec..  Remarks  by  Secretary  Michael  Chertoff  at  the 
National  Emergency  Management  Association  Mid-Year  Conference  (Feb.  12,  2007),  available  at 
http://www.dhs.gov/xnews/speeches/sp_l  1713761 13152.shtm. 

1,11  Id. 

in2  See  RFID  Technology  discussion,  supra  Section  VII(c)  (security  and  privacy  risks  inherent  in  RFID 
use),  and  Citizenship  Designation  discussion,  supra  Section  IV  (citizenship  designation  breeds 
discrimination). 

103  Regulatory  Evaluation  at  1 30,  supra  note  1 8;  see  Identity  Theft  discussion,  infra  at  Section  X(c)  (why 
REAL  ID  will  not  reduce  identity  theft). 
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(including  Medicare,  Medicaid  and  student  financial  aid),  firearm  sellers  and  licensors, 
and  election  workers  will  all  use  this  national  identification  system.104 

The  official  and  unofficial  uses  of  REAL  ID  must  not  be  broadened.  Such 
expansion  would  harm  national  security.  As  explained  below,  using  a  single  card  for 
many  identification  purposes  would  be  the  same  as  using  one  key  for  every  lock. 

IX.  Expanded  Data  Collection  and  Retention  Increases  Security 
Risks 

Under  REAL  ID,  the  government  would  have  easy  access  to  an  incredible  amount 
of  personal  data  stored  in  one  national  database  (or,  according  to  the  DHS  description,  56 
State  and  Territory  databases,  each  of  which  can  access  all  of  the  others).1"5  DHS  claims 
that  it  is  not  expanding  data  collection  and  retention,  but  it  is  enlarging  schedules  and 
procedures  for  retention  and  distribution  of  identification  documents  and  other  personal 
data.  This  broad  expansion  of  data  collection  and  retention  in  a  national  database  creates 
significant  threats  to  privacy  and  security. 

The  agency  makes  two  claims  about  the  expanded  data  retention  under  REAL  ID 
that  we  dispute:  (1)  “Most  States  already  include  this  [extensive,  personal]  information  in 
a  machine  readable  technology,”  and  (2)  "neither  the  Real  ID  Act  nor  these  proposed 
regulations  gives  the  Federal  Government  any  greater  access  to  information  than  it  had 
before.”10''  Each  claim  is  false:  DHS  is  mandating  the  increase  of  both  the  type  of 
documents  that  need  to  be  retained  and  the  length  of  data  retention,  and  the  agency  will 
give  both  State  and  Federal  governments  greater  access  to  the  personal  data. 

104  See  National  Committee  for  Voting  Integrity,  http://votingintegrity.org/  and  EPIC,  Spotlight  on 
Surveillance,  With  Some  Electronic  Voting  Systems,  Not  All  Votes  Count  (Sept.  2006), 
http://www.epic.org/privacy/surveillance/spotlight/0307  (why  requiring  any  voter  identification  card  is  a 
poll  tax). 

105  Section  202(d)(12);  (d)(  1 3). 

REAL  ID  Draft  Regulations  at  10.824.  supra  note  1. 
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With  the  REAL  ID  national  identification  system,  DHS  imposes  new 
requirements  on  State  motor  vehicle  agencies.  Each  of  the  56  interconnected  databases 
must  contain  all  data  fields  printed  on  driver’s  licenses  and  ID  cards,  and  driver’s 
histories,  including  motor  vehicle  violations,  suspensions,  and  points  on  licenses.1117  The 
States  are  compelled  to  begin  maintaining  paper  copies  or  digital  images  of  important 
identity  documents,  such  as  birth  certificates  or  naturalized  citizenship  papers,  for  seven 
to  10  years. 108  This  is  a  significant  expansion  of  the  personal  data  previously  reviewed  or 
stored  by  State  motor  vehicle  agencies. 

Currently  these  identification  documents  are  kept  in  a  variety  of  places  -  the 
Social  Security  system,  the  immigration  system,  local  courthouses  -  and  it  takes 
considerable  effort  to  gather  them  all  together.  Under  REAL  ID,  all  of  these  identification 
documents  -  concerning,  among  other  things,  births,  marriages,  deaths,  immigration, 
social  services  -  are  consolidated  into  one  national  database,  accessible  to  at  least  tens  of 
thousands  of  government  employees  nationwide,  which  would  give  the  Federal  and  State 
governments  greater  access  than  before. 

Security  expert  Bruce  Schneier,  EPIC  and  others  have  explained  that  it  decreases 
security  to  have  one  ID  card  for  many  purposes,  as  there  will  be  a  substantial  amount  of 
harm  when  the  card  is  compromised.10''  There  is  also  the  threat  that  REAL  ID  is 
ostensibly  trying  to  protect  against:  forged  identification  cards.  Investing  so  much  trust 
into  one  card  means  that  criminals  will  only  have  to  forge  one  identification  card.  “No 


107  Section  202(d)(12);  (d)(13). 

108  REAL  ID  Draft  Regulations  at  10.855.  supra  note  1. 

109  Melissa  Ngo,  Dir.,  EPIC  Identification  &  Surveillance  Project,  Prepared  Testimony  and  Statement  for 
the  Record  at  a  Hearing  on  "Maryland  Senate  Joint  Resolution  5"  Before  the  Judicial  Proceedings  Comm, 
of  the  Maryland  Senate  (Feb.  15,  2007)  [“EPIC  Testimony  at  Maryland  Senate”],  available  at 
http://www.epic.org/privacy/id_cards/ngo_test_02 1 507.pdf. 
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matter  how  unforgeable  we  make  it,  it  will  be  forged.  We  can  raise  the  price  of  forgery, 
but  we  can’t  make  it  impossible.  Real  IDs  will  be  forged,”  Schneier  said."11  A  national 
database  full  of  identification  documents,  images  and  data  would  entice  many  kinds  of 
criminals,  including  terrorists  who  seek  to  steal  the  identity  of  a  “trusted”  individual. 

A  national  identification  system  would  divide  the  United  States  into  two  groups: 
(1)  “trusted  good  guys”  who  have  the  national  ID  card,  and  (2)  “untrusted  bad  guys”  who 
do  not.  But,  Schneier  has  pointed  out  that  there  is  a  third  category  that  appears  -  bad  guys 
who  fit  the  good  guy  profile.  Upon  the  release  of  the  draft  regulations,  Schneier  said, 
"The  REAL  ID  regulations  do  not  solve  problems  of  the  national  ID  card,  which  will  fail 
when  used  by  someone  intent  on  subverting  that  system.  Evildoers  will  be  able  steal  the 
identity  -  and  profile  -  of  an  honest  person,  doing  an  end-run  around  the  REAL  ID 
system.”"1  This  national  identification  system  inherently  contains  significant  threats  to 
individual  privacy  and  national  security."2 

X.  National  ID  Database  Would  Increase  Security 
Vulnerabilities 

In  the  best-case  scenario,  the  creation  of  the  REAL  ID  national  identification 

system  does  nothing  to  improve  our  security  protections.  In  the  worst-case  scenario,  the 

REAL  ID  system  will  exponentially  increase  threats  to  our  national  security.  DHS's 

cryptic  economic  analysis  is  based  upon  incredible  assumptions  about  possible  future 

terrorist  attacks  that  REAL  ID  would  supposedly  prevent.  The  economic  analysis  also 

ignores  indirect  costs.  The  REAL  ID  system  would  harm  national  security  by  increasing 

1 10  Bruce  Schneier.  Real-ID:  Costs  and  Benefits.  BULLETIN  OF  ATOMIC  SCIENTISTS.  Mar./Apr.  2007 
[“Schneier  Essay”],  available  at  http://www.schneier.com/blog/archives/2007/01/realid_costs_an.html. 

1  1  Press  Release,  EPIC,  After  Long  Delay.  Homeland  Security  Department  Issues  Regulations  For  Flawed 
National  ID  Plan  (Mar.  2,  2007),  available  at  http://www.epic.org/press/030207.html. 

1 12  See  National  Database  discussion,  supra  Section  X  (how  universal  identification  systems  increase 
security  threats). 


Comments  of  EPIC 
REAL  ID 


33 


Department  of  Homeland  Security 
Docket  No.  DHS  2006-0030 


risks  of  identity  theft  and  fraud,  and  by  diverting  funds  away  from  other  security 
programs  that  have  been  proven  effective. 

A.  Regulations  Would  Not  Improve  Our  Security  Protections 

Quantitative  risk  assessments  are  characteristically  limited  by  false  or  unverifiable 

assumptions,  faulty  modeling,  and  above  all  short-sighted  local  optimization  that  tends  to 

ignore  long-term  implications  and  slippery-slope  changes  in  the  validity  of  the 

assumptions."'  The  economic  analysis  in  the  Department  of  Homeland  Security’s 

Regulatory  Evaluation  conducts  such  a  quantitative  risk  assessment,  and  falls  victims  to 

these  faulty  assumptions.  The  Regulatory  Evaluation  states: 

The  primary  benefit  of  REAL  ID  is  to  incrementally  increase  U.S.  national 
security  by  reducing  the  vulnerability  to  criminal  or  terrorist  activity  of  federal 
buildings,  nuclear  facilities,  and  aircraft.  The  chances  of  a  terrorist  attack  on  such 
targets  being  successful  would  generally  increase  if  identity  documents  that  grant 
access  to  them  are  in  the  possession  of  the  attackers.  This  is  demonstrated  by  the 
fact  that  several  of  the  9/1 1  hijackers  had  false  driver’s  licenses  or  fraudulently 
obtained  driver’s  licenses  in  their  possession  at  the  time  of  that  attack."4 

The  analysis  goes  on  to  say,  “REAL  ID  is  highly  unlikely  to  impact  the  consequences  of 

a  successful  attack,  but  it  may  impact,  on  the  margin,  the  chance  of  a  terrorist  attack 

being  attempted  and  succeeding.”"5  So,  DHS  is  attempting  to  determine  the  marginal 

chance  that  REAL  ID  will  lessen  the  chance  of  success  or  discourage  the  attempt  of  a 

terrorist  attack.  Setting  aside  the  assumption  that  a  lack  of  REAL  ID  cards  would  make  it 

more  difficult  to  succeed  in  a  terrorist  attack  upon  the  United  States,  we  turn  to  the 

mathematical  formula  that  DHS  uses  to  calculate  the  REAL  ID  system’s  presumed 

"primary  benefit.” 


113  Peter  G.  Neumann,  Computer-Related  Risks ,  §  7.10,  Risks  in  Risk  Analysis,  pp.  255-257(Addison- 
Wesley  1995). 

114  Regulatory  Evaluation  at  126,  supra  note  18. 

115  Id.  at  127. 
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The  annual  risk  that  the  U.S.  faces  with  regard  to  a  potential  terrorist  attack  can  be 
represented  as  the  chance  that  an  attack  will  successfully  take  place,  multiplied  by 
the  consequences  of  that  attack.  This  can  be  mathematically  represented  as  FI*K, 
where  n  is  the  annual  chance  of  a  successful  attack  and  K  is  the  consequences  of 
an  attack  in  monetary  terms.  Homeland  security  measures  such  as  REAL  ID 
impact  either  the  chance  or  consequences  of  a  successful  attack,  or  both.  REAL 
ID  is  highly  unlikely  to  impact  the  consequences  of  a  successful  attack,  but  it  may 
impact,  on  the  margin,  the  chance  of  a  terrorist  attack  being  attempted  and 
succeeding.  Let  LIB  be  this  chance  prior  to  the  introduction  of  REAL  ID,  and  DA 
be  the  chance  after  REAL  ID  comes  into  effect.  Then  the  security  impact  of 
REAL  ID  in  the  course  of  one  year  can  be  measured  in  dollar  terms  as  (FIB  - 
riA)*K."6 

So,  DHS  takes  the  probability  of  a  successful  terrorist  attack  without  the  REAL  ID 

national  identification  system  in  place  (CUB)  and  subtracts  the  probability  of  a  successful 

attack  with  REAL  ID  (DA);  then  they  take  the  resulting  number  and  multiply  it  by  the 

cost  to  the  United  States  of  a  successful  terrorist  attack.  Understandably,  DHS  goes  onto 

explain  that  such  an  evaluation  is  very  difficult  and  full  of  uncertainty. 

Let  the  cost  of  the  REAL  ID  regulation,  which  has  been  estimated,  be  C.  Then  for 
REAL  ID  to  be  fully  justified  on  national  security  grounds  alone,  it  must  be  the 
case  that  its  benefit  is  at  least  as  great  as  its  costs.  The  annual  risk-reduction  benefit 
of  Real  ID  is  dlB  -  f[A)*K,  and  the  sum  of  this  benefit  over  ten  years  must  equal 
Real  ID’s  cost,  C.  If  we  can  determine  a  dollar  value  for  K,  then  we  can  measure 
the  marginal  impact  that  REAL  ID  must  bring  about  on  the  probability  of  a 
successful  terrorist  attack  on  a  federal  target  for  it  to  be  fully  justified  by  its  security 
benefit."7 

DHS  is  attempting  to  determine  if  (FIB  -  riA)*K,  which  is  the  annual  risk-reduction 
benefit  of  REAL  ID,  over  10  years,  is  at  least  equal  to  C,  which  is  the  cost  of  REAL  ID, 
which  DHS  has  set  at  -  a  discounted  rate  of  -  S17.2B.  DHS  goes  on  to  explain  that  this 
formula  is  based  on  the  assumption  that  another  attack  would  affect  us,  in  economic 
terms,  the  same  as  September  1 1,  2001.  DHS  estimates  another  attack  would  cost  the 
United  States  either  $63.9  billion  (an  estimate  of  the  immediate  impact  incurred)  or 


mId.  at  127. 
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$374. 7B  (an  estimate  of  the  immediate  and  longer  run  impact)."8  Other  assumptions: 


We  assume  that  terrorist  groups  are  seeking  to  inflict  another  attack  with 
consequences  on  the  order  of  magnitude  of  9/1 1.  We  also  assume  that  they  are 
engaged  in  a  campaign  such  that  in  every  year  during  the  10-year  period  over  which 
the  costs  and  benefits  of  REAL  ID  are  being  evaluated,  there  is  a  positive  and 
identical  probability  of  being  successfully  attacked.  Under  this  assumption,  the 
expected  present  value  of  the  consequences  of  the  terrorist  campaign  against  the 
U.S.  homeland  equals  the  sum  of  the  expected  values  of  consequences  in  each 
particular  year  over  the  10-year  period  2007-16: 

11 2007 *K 2007  +  (l-d)*D2008*K2008  +  (l-d)2*D2009*K2009  +  .... 

+  (l-d)9*n2016*K2016, 

where  □  is  the  discount  rate  and  K  is  the  monetary  value  of  consequences  in  real 
2006  dollars.  Because  we  assume  that  □  and  □  do  not  change  from  year  to  year, 
this  can  be  re-written  as: 

n*K  +  o-d)*  n*K  +  (i-a)2*  n*K  +  ....  +  (i-a)9*  n*K , 

or 

D*n*K,  where  D  equals  { 1  +  (1-0)  +  (1-0)2  +  ....  +  (1-3)9}. 

This  expression  is  the  sum  of  the  expected  discounted  annual  consequences  of  a 
terrorist  campaign  against  the  U.S.  homeland  over  a  ten-year  period.  As  noted 
earlier.  Real  ID  is  anticipated  to  bring  about  a  reduction  in  the  annual  probability  of 
a  successful  attack  from  nB  -  I1A.  and  the  security  benefit  of  Real  ID  over  the  ten- 
year  period  is  therefore  D*(I1B  -  nA)*K."9 

The  variable  D  represents  the  annual  consequences  of  a  terrorist  campaign  against  the 

U.S.  over  a  ten-year  period.  DHS  multiplies  D  by  [( n B  -  flA)  times  K],  which  is  the 

annual  risk-reduction  benefit  of  REAL  ID.  DHS  then  sets  this  equation  equal  to  the 

direct  cost  of  the  REAL  ID  national  ID  system.  By  solving  this  equation,  DHS  hopes  to 

find  the  marginal  impact  on  security  that  the  REAL  ID  system  must  have  in  order  to 

break  even.  For  "Real  ID  to  break  even  with  respect  to  cost  and  expected  security 


118  Id.  at  127. 

1 19  Regulatory  Evaluation  at  1 28-29,  supra  note  1 8. 
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benefits,  it  must  be  the  case  that  D*01B  -  []A)*K  =  C,  or  FIB  -  FIA  =  C/(D*K).”120  So, 
to  break  even,  we  need  [D*(nB  -  nA)*Kl  to  be  equal  to  C,  meaning  that  how  much 
REAL  ID  will  save  us  in  economic  terms  must  be  equal  to  the  cost  of  the  REAL  ID 
system.  Or,  stated  another  way,  it  must  be  that  I~1B  -  FIA,  probability  of  a  successful 
terrorist  attack  without  the  REAL  ID  national  identification  system  in  place  (CUB)  minus 
the  probability  of  a  successful  attack  with  REAL  ID  (11  A),  is  equal  to  C,  cost  of  REAL 
ID  system,  divided  by  |D,  annual  consequences  of  a  terrorist  campaign  against  the  U.S. 
over  a  ten-year  period,  multiplied  by  K.  cost  to  the  United  States  of  a  successful  terrorist 
attack). 

Here  is  where  it  gets  tricky.  Assuming  the  cost  of  REAL  ID  to  be  S17.2B  and  the 
cost  of  a  successful  9/1 1-type  terrorist  attack  to  be  $374.7  billion  long-term,  the  value  of 
C/D*K,  in  2006  dollars,  is  0.61%.  Therefore,  for  "REAL  ID  to  be  fully  justified  by  its 
primary  security  benefit,  it  must  bring  about  a  marginal  reduction  in  the  annual  chance  of 
a  successful  9/1 1-type  attack  of  0.6 1%.”121  If  DHS  only  estimates  the  immediate  impact, 
and  assumes  the  cost  of  REAL  ID  to  be  $17.2  billion  and  the  cost  of  the  attack  to  be 
$63.9  billion,  then  the  value  of  C/(D*K)  is  3.60%.  “For  REAL  ID  to  be  fully  justified  by 
its  primary  security  benefit  in  immediate  impacts  alone,  it  must  bring  about  a  marginal 
reduction  in  the  annual  chance  of  a  successful  9/1 1-type  attack  of  3.60%.”122 

After  all  of  these  head-scratching  mathematical  assumptions,  there  is  no  conclusion, 
because,  as  DHS  explains,  “[wjithout  further  information  on  the  absolute  level  of  DB  [the 
probability  of  a  successful  terrorist  attack  without  the  REAL  ID  national  identification 
system  in  place],  it  is  difficult  to  say  whether  0.61%  or  3.60%  is  a  very  large  reduction  in 

120  Id.  at  129. 
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the  chance  of  successful  attack,  or  a  more  moderate  reduction.”125  Therefore,  it  is 


unknown,  even  with  all  of  these  assumptions,  whether  REAL  ID  would  even  marginally 
reduce  the  possibility  of  a  successful  terrorist  attack. 

DHS  acknowledges  that  certain  assumptions  are  used  in  this  analysis,  such  as 
assumptions  for  the  variable  K,  the  impact  or  the  cost  to  the  U.S.  economy  of  a  terrorist 
attack,  which  DHS  assumes  would  be  of  the  same  magnitude  as  September  1 1,  2001. 
However,  there  is  little  discussion  about  the  variable  C,  the  cost  of  the  REAL  ID  system. 
There  are  two  ways  in  which  the  figures  used  by  DHS  are  faulty:  1)  they  underestimate 
the  direct  costs  and  2)  they  ignore  the  indirect  costs.  Such  indirect  costs  include  the 
impact  upon  civil  liberties,  increased  risk  of  identity  theft  and  fraud,  and  the  diversion  of 
funds  from  other,  effective  security  programs.121  Both  faulty  assumptions  make  the 
variable  C  smaller,  while  DHS  has  assumed  a  very  large  number  for  K.  so  the  cost  of  the 
REAL  ID  system  would  seem  dwarfed  in  comparison  to  the  cost  of  another  terrorist 
attack,  making  REAL  ID  seem  cost-effective  even  if  it  only  has  a  marginal  effect  on  the 
probability  of  another  attack  -  an  effect  REAL  ID  would  not  have. 

REAL  ID  does  not  add  to  our  security  protections,  but  in  fact  increases  our  security 
threats  by  diverting  needed  funds  from  other  national  security  projects.  The  estimated 
cost  of  REAL  ID  implementation  has  spiraled.  Before  the  Act’s  passage  in  2005,  the 
Congressional  Budget  Office  estimated  its  cost  to  be  around  $100  million. 12:5  In 
September,  the  National  Conference  of  State  Legislatures  released  a  report  estimating  the 


123  id. 

124  See  Identity  Theft  discussion,  infra  at  Section  X(c)  (REAL  ID  increases  risks  for  identity  theft). 

125  Cong.  Budget  Office,  Cost  Estimate:  H.R.  418:  REAL  ID  Act  of 2005  (Feb.  9.  2005),  available  at 
http://www.cbo.gov/showdoc.cfm?index=6072&sequence=0&from=6. 
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cost  to  be  $1 1  billion  over  the  first  five  years.12'’  Now,  the  Department  of  Homeland 
Security  has  admitted  that  REAL  ID  will  cost  states  and  individuals  from  $17.2  billion  to 
$23. 1  billion  over  ten  years.12  Congress  has  appropriated  only  $40  million  for  REAL  ID 
implementation.  The  Department  of  Homeland  Security  now  says  that  a  state  can  use  up 
to  20  percent  of  its  Homeland  Security  Grant  Program  funding  for  REAL  ID 
implementation,  which  total  about  $100  million  for  2007. 12x  Implementation  costs  for  the 
state  of  California  alone  would  be  about  $500  million.129 

Diverting  Homeland  Security  Grant  Program  money  to  REAL  ID  means  that 
funding  originally  budgeted  by  the  states  for  other  homeland  security  projects,  including 
training  and  equipment  for  rescue  and  first  responder  personnel.  Even  if  the  states 
received  $100  million  per  year  for  10  years,  that  would  still  amount  to  only  $1.04  billion 
in  Federal  funds,  a  fraction  of  the  $17.2  billion  to  $23.1  billion  price  tag.  The  rest  of  the 
cost  would  be  borne  by  states  and  their  residents. 

B.  Regulations  Would  Increase  National  Security  Threats 
In  a  recent  analysis  of  the  REAL  ID  Act,  EPIC  Executive  Director  Marc 
Rotenberg  explained  that  “[s]ystems  of  identification  remain  central  to  many  forms  of 
security.  But  designing  secure  systems  that  do  not  introduce  new  risks  is  proving  more 
difficult  than  many  policymakers  had  imagined.”1'"  The  theory  that  the  REAL  ID  Act 


126  Governors’  Analysis,  supra  note  46. 

127  REAL  ID  Draft  Regulations  at  10.845.  supra  note  1. 

I2S  Press  Release,  Dep’t  of  Homeland  Sec..  DHS  Issues  Proposal  for  States  to  Enhance  Driver’s  Licenses 
(Mar.  1.  2007).  available  at  http://www.dhs.gov/xnews/releases/pr_l  172765989904.shtm. 

129  Cal.  Dep’t  of  Motor  Vehicles.  Report  to  the  Legislature  on  the  Status  of  the  REAL  ID  Act,  at  3  (Dec.  15, 
2006),  available  at  http://www.dmv.ca.gov/about/real_id/real_id.pdf. 

110  Marc  Rotenberg,  Exec.  Dir.,  EPIC,  Real  ID.  Real  Trouble?,  COMMUNICATIONS  OF  THE  ACM,  Mar. 
2006,  available  at  http://www.epic.org/privacy/id_cards/mr_cacm0306.pdf. 
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will  prevent  terrorism  is  predicated  on  the  belief  that  only  “outsiders”  have  an  intent  to 
harm  the  United  States.  This  theory  is  fundamentally  flawed. 

Security  expert  Bruce  Schneier  has  explained  the  theory  of  identification-based 
security.  “In  theory,  if  we  know  who  you  are,  and  if  we  have  enough  information  about 
you,  we  can  somehow  predict  whether  you’re  likely  to  be  an  evildoer,”  Schneier  said. 1,1 
This  is  impossible,  because  you  cannot  predict  intent  based  on  identification,  he  said.112 
There  are  threats  from  both  sides.  Terrorist  acts  have  been  committed  by  U.S.  citizens, 
"insiders.”  Oklahoma  City  bombers  Timothy  McVeigh  and  Terry  Nichols  were  U.S. 
citizens.  As  was  Unabomber  Ted  Kaczynski. 

A  recent  case  illustrates  Schneier’s  point.  According  to  court  documents,  last 
month,  two  men  entered  restricted  areas  at  an  airport  in  Florida,  bypassed  security 
screeners  and  carried  a  duffel  bag  containing  14  guns  and  drugs  onto  a  commercial 
plane.”133  They  avoided  detection,  because  they  are  airline  baggage  handlers  who  used 
their  uniforms  and  legally  issued  identification  cards.1'4  Both  men  had  passed  Federal 
background  checks  before  they  were  hired,  according  to  a  spokesman  for  Comair,  the 
airline  that  employed  the  men.133  This  questions  the  assumption  that  more  and  broader 
background  checks,  such  as  those  suggested  in  the  draft  regulations,  would  prevent 
insider  attacks.  There  are  other  problems  with  the  background  checks,  which  will  be 
discussed  below.136 


151  Schneier  Essay,  supra  note  1 10. 

132  Id. 

133  Jim  Ellis,  Feds:  Bag  Of  Guns  Smuggled  Onto  Plane ,  Associated  Press,  Mar.  9.  2007. 

134  Id. 

135  Id. 

136  See  Domestic  Violence  discussion,  infra  Section  XI. 
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The  baggage  handlers  were  only  investigated  and  caught  after  police  received  an 
anonymous  tip.1 '  If  the  airport  had  identification-neutral  security  systems,  such  as 
requiring  all  fliers  go  through  metal  detectors,  then  the  men  could  not  have  walked  past 
them.  But  the  identification-based  security  system  failed  because  it  allowed  some  fliers  to 
skip  screening  because  they  are  presumed  to  have  no  evil  intent,  and  the  men  transported 
weapons  and  contraband  aboard  a  commercial  flight.  Creating  a  national  identification 
system  would  have  just  as  devastating  consequences,  but  on  a  larger  scale,  because  many 
more  people  would  be  presumed  "trusted”  or  "untrusted"  based  upon  their  decision  to 
carry  or  not  carry  the  REAL  ID  card. 

C.  Even  If  Assumptions  Granted,  REAL  ID  Would  Not  Substantially  Affect 
Identity  Theft  Crimes 

The  draft  regulations  list  reducing  identity  theft  as  one  of  the  benefits  of  the 
REAL  ID  national  identification  system.1'*  However,  the  agency’s  own  economic 
analysis  under  its  Regulatory  Evaluation  shows  that,  even  if  one  grants  DHS  the 
economic  assumptions  it  makes,  overall  identity  theft  crimes  would  only  be  reduced  by 
2.8  percent,  at  best."'* 

First,  it  is  important  to  note  that  the  DHS  Regulatory  Evaluation  does  not  list 
"Reduce  Identity  Theft”  under  any  of  the  three  categories  of  benefits  -  “monetized,” 
"annualized  quantified,  but  unmonetized.”  or  “unquantifiable  benefits"  in  the  accounting 
statement  for  the  draft  regulations.14"  Actually,  the  only  benefit  listed  is  under 
“unquantifiable  benefits,”  and  that  is  the  claim  that  REAL  ID  would  “incremementally 
increase  U.S.  national  security.” 

1,7  Jim  Ellis,  Feds:  Bag  Of  Guns  Smuggled  Onto  Plane. 

138  REAL  ID  Draft  Regulations  at  1 0.837.  10.846.  supra  note  1. 

139  Regulatory  Evaluation  at  5,  supra  note  18. 

140  Id.  at  7. 
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Second,  the  Regulatory  Evaluation  later  lists  “reducing  identity  theft”  as  a 


potential  ancillary  benefit.141  The  economic  analysis  explains  that: 

REAL  ID  will  only  have  the  ability  to  impact  those  types  of  identity  theft  that 
require  a  drivers  license  for  successful  implementation,  and  only  to  the  extent  that 
the  rulemaking  leads  to  incidental  and  required  use  of  REAL  ID  documents  in 
everyday  transactions,  which  is  an  impact  that  also  depends  critically  on  decisions 
made  by  State  and  local  governments  and  the  private  sector.142 

The  potential  ancillary  benefit  depends  on  a  vast  expansion  of  REAL  ID  uses  from  the 

three  official  purposes  required  in  the  draft  regulations.  The  economic  analysis  assumes 

that  REAL  ID  would  be  used  in  “everyday  transactions,”  which  would  have  a  devastating 

affect  on  identity  theft  protections.14'  Setting  aside  that  flawed  assumption  and  focusing 

upon  the  economic  analysis,  there  is  little  benefit  to  be  found.  If  all  of  the  agency’s 

assumptions  are  agreed  to,  including  the  belief  that  REAL  ID  cards  would  be  used  in 

everyday  transactions,  the  Department  of  Homeland  Security  still  finds  that  REAL  ID 

would  reduce  by  10  percent  only  the  28  percent  of  ID  theft  crimes  that  “are  likely  to 

require  the  presentation  of  an  identity  document  like  a  drivers  license.”144  Therefore,  the 

REAL  ID  national  identification  system  will  reduce  only  2.8  percent  of  all  identity  theft 

crimes,  a  savings  of  approximately  $1.6  billion  total  for  the  2007-2016  period.14'  The 

Department  of  Homeland  Security  has  estimated  that  REAL  ID  would  cost  $23.1  billion 

for  that  period.  Basic  economic  analysis  finds  that  one  ought  not  spend  $23.1  billion  to 

create  a  national  identification  system  that  might  reduce  the  cost  of  identity  theft  crimes 

by  $1.6  billion. 


w  Id.  at  126.  129-30. 

142  Id.  at  130. 

143  See  Identity  Theft  discussion,  infra  at  Section  X(c)  (REAL  ID  increases  risks  of  identity  theft). 

144  Regulatory  Evaluation  at  130,  supra  note  18. 
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D.  Centralized  Identification  System  Increases  Risk  of  Identity  Theft 


The  draft  regulations  create  a  national  identification  system  with  a  national 
database,  and  this  creates  an  enormous  security  risk.  EPIC  and  others  have  explained  that 
it  decreases  security  to  have  a  centralized  system  of  identification,  one  ID  card  for  many 
purposes,  as  there  will  be  a  substantial  amount  of  harm  when  the  card  is  compromised.146 

The  REAL  ID  Act  mandates  that  States  provide  every  other  state  with  electronic 
access  to  information  contained  in  their  motor  vehicle  databases  and  each  State  database 
must  contain  all  data  fields  printed  on  driver’s  licenses  and  ID  cards,  and  driver’s 
histories,  including  motor  vehicle  violations,  suspensions,  and  points  on  licenses.147  Yet, 
DHS  claims  that  a  national  database  will  not  be  created  because  the  regulations  ”leave|] 
the  decision  of  how  to  conduct  the  exchanges  in  the  hands  of  the  States.”14*  This 
mandatory  “State-to-State  data  exchange”  creates  one  huge  national  database  containing 
the  personal  information  of  245  million  license  and  ID  cardholders  -  a  database  that  can 
be  accessed  at  DMVs  across  the  country. 

Using  a  national  ID  card  would  be  as  if  you  used  one  key  to  open  your  house, 
your  car,  your  safe  deposit  box,  your  office,  and  more.14''  “The  problem  is  that  security 
doesn’t  come  through  identification;  security  comes  through  measures  -  airport 
screening,  walls  and  door  locks  -  that  work  without  relying  on  identification";  therefore. 


146  EPIC  Testimony  at  Maryland  Senate,  supra  note  109:  see  EPIC,  Comments  to  the  Federal  Identity  Theft 
Task  Force,  P0654I0  (Jan.  19.  2007),  available  at 

http://www.epic.org/privacy/idtheft/EPIC_FTC_ID_Theft_Comments.pdf:  EPIC  page  on  Identity  Theft:  Its 
Causes  and  Solutions,  available  at  http://www.epic.org/privacy/idtheft/. 

147  Section  202(d)(  1 2);  (d)(13). 

,4'<  REAL  ID  Draft  Regulations  at  10.825.  supra  note  1. 

149  Melissa  Ngo,  Dir.,  Identification  &  Surveillance  Project,  EPIC,  Prepared  Testimony  and  Statement  for 
the  Record  at  a  Meeting  on  "REAL  ID  Rulemaking"  Before  the  Data  Privacy  <£  Integrity  Advisory  Comm., 
Dep't  of  Homeland  Sec.  (Apr.  14.  2007),  available  at 
http://www.epic.org/privacy/id_cards/ngo_test_032107.pdf. 
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a  centralized  system  of  identification  would  not  increase  national  security,  security  expert 
Bruce  Schneier  has  said.10 

A  large  data  breach  affects  the  confidence  and  trust  of  the  public.  People  will 
recoil  from  systems  that  create  privacy  and  security  risks  for  their  personal  data.  We  have 
seen  countless  data  breaches  that  have  left  the  personal  data  of  tens  of  millions  of 
Americans  vulnerable  to  misuse.  Recently,  almost  46  million  credit  and  debit  card 
numbers  were  stolen  by  hackers  who  accessed  the  computer  systems  at  the  TJX 
Companies  over  a  period  of  several  years,  making  it  the  biggest  breach  of  personal  data 
ever  reported. IM  The  computer  system  breaches  began  in  July  2005  but  weren’t 
discovered  until  December  2006  -  the  financial  data  of  millions  were  exposed  for  17 
months.152  Last  May,  an  information  security  breach  by  a  Department  of  Veterans  Affairs 
employee  resulted  in  the  theft  from  his  Maryland  home  of  unencrypted  data  affecting 
26.5  million  veterans,  active-duty  personnel,  and  their  family  members.15'  The  laptop  and 
an  external  hard  drive  contained  unencrypted  information  that  included  millions  of  Social 
Security  numbers,  disability  ratings  and  other  personal  information.154  In  February  2005, 
databroker  Choicepoint  sold  the  records  of  at  least  145.000  Americans  to  a  criminal  ring 
engaged  in  identity  theft.1  5  Also  that  year.  Bank  of  America  misplaced  back-up  tapes 


150  Press  Release,  EPIC,  After  Long  Delay.  Homeland  Security  Department  Issues  Regulations  For  Flawed 
National  ID  Plan  (Mar.  2,  2007).  available  at  http://www.epic.org/press/030207.html. 

151  TJX  Cos.,  Annual  Report  (Form  10-K).  at  8-10  (Mar.  28.  2007).  available  at 
http://ir.l0kwizard.com/downIoad.php?format=PDF&ipage=4772887&source=487. 

152  Id.  at  7. 

151  See  EPIC’s  Page  on  the  Veterans  Affairs  Data  Theft,  http://www.epic.org/privacy/vatheft/. 

154  Statement,  Dep't  of  Veterans  Affairs.  A  Statement  from  the  Department  of  Veterans  Affairs  (May  22, 
2006). 

155  Robert  O'Harrow  Jr.,  ID  Theft  Scant  Hits  D.C.  Area  Residents,  Wash.  Post,  Feb.  21 , 2005,  at  A01 ;  see 
EPIC’s  Page  on  ChoicePoint.  http://www.epic.org/privacy/choicepoint/. 
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containing  detailed  financial  information  on  1.2  million  employees  in  the  Federal 
government,  including  many  members  of  Congress.1'*' 

A  centralized  identification  system  would  be  a  tempting  target  for  identity  thieves. 
If  a  criminal  breaks  the  system’s  security,  then  the  criminal  would  have  access  to  the 
personal  information  of  every  single  person  in  that  database.  If  this  one,  centralized 
system  is  used  across  the  nation,  this  would  put  hundreds  of  millions  of  people  at  risk  for 
identity  theft. 

There  is  another  significant  security  risk,  besides  that  of  attacks  by  unauthorized 
users,  and  that  is  of  authorized  users  abusing  their  power.15  A  2005  scandal  in  Florida 
highlights  risks  associated  with  large  database  systems.  A  woman  wrote  to  a  newspaper 
criticizing  a  Florida  sheriff  as  being  too  fat  for  police  work  and  condemning  his  agency’s 
use  of  stun  guns.158  Orange  County  Sheriff  Kevin  Beary  ordered  staffers  to  use  state 
driver’s  license  records  to  find  the  home  address  of  his  critic.159  The  sheriff  sent  her  a 
letter  at  her  home  address,  and  she  reported  being  surprised  that  he  was  able  to  track  her 
down  so  easily.16"  In  a  case  in  Maryland  just  last  year,  three  people  -  including  a 
Maryland  Motor  Vehicle  Administration  official  -  were  indicted  on  charges  of 
“conspiring  to  sell  unlawfully  produced  MVA-issued  Maryland  identification  cards.’’161 

The  consumer  harm  that  results  from  the  wrongful  disclosure  of  personal 
information  is  very  clear.  For  the  seventh  year  in  a  row,  identity  theft  is  the  No.  1  concern 


l5fi  Robert  Lemos,  Bank  of  America  loses  a  million  customer  records,  CNet  News.com,  Feb.  25,  2005. 

157  See  Domestic  Violence  discussion,  infra  Section  XI  (abusers  use  their  authorized  access  to  stalk 
victims). 

158  Called  fat,  sheriff  tracks  down  reader.  Associated  Press,  Apr.  6,  2005. 

159  Id. 

160  Id. 

161  Fake  ID  Cards,  Wash.  Post,  Mar.  15,  2006.  at  B02. 
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of  U.S.  consumers,  according  to  the  Federal  Trade  Commission’s  annual  report.162  Over 
104  million  data  records  of  U.S.  residents  have  been  exposed  due  to  security  breaches 
since  January  2005,  according  to  a  report  from  the  Privacy  Rights  Clearinghouse.163  A 
centralized  system  of  identification  creates  a  “one-stop  shop”  for  identity  thieves. 
Centralizing  authority  over  personal  identity  into  one  database  and  one  card  increases 
both  the  risk  of  identity  theft  as  well  as  the  scope  of  harm  when  it  occurs.  The  confidence 
and  trust  of  consumers  will  fall  when  such  a  breach  occurs;  people  will  withdraw  because 
of  privacy  and  security  questions. 

XI.  REAL  ID  Harms  Victims  of  Domestic  Violence  and  Sexual 
Assault 

The  REAL  ID  national  identification  system  creates  difficulties  for  many  groups, 
and  it  has  significant  consequences  for  domestic  violence  and  sexual  assault  victims.164 
The  residential  address  requirements  endanger  the  ability  of  victims  of  domestic  violence, 
sexual  assault,  and  other  crimes  to  hide  from  their  abusers.  The  background  check 
provisions  set  out  in  the  draft  regulations  do  not  fully  protect  these  victims  from  their 
abusers.  In  fact,  the  REAL  ID  system  would  help  abusers  find  and  track  their  victims 
across  the  nation. 

A.  REAL  ID  Endangers  Address  Confidentiality 
Currently,  many  States  allow  domestic  violence  victims  and  others  to  protect  the 
confidentiality  of  their  residential  addresses.  States  have  created  formal  Address 
Confidentiality  Programs  and  states  have  also  provided  general  measures  of  residential 


162  Fed.  Trade  Comm'n,  Consumer  Fraud  and  Identity  Theft  Compliant  Data:  January  -  December  2006 
(Feb.  7,  2007),  available  at  http://www.consumer.gov/sentinel/pubs/TopI0Fraud2006.pdf. 

163  Privacy  Rights  Clearinghouse,  Chronology  of  Data  Breaches, 
http://www.privacyrights.org/ar/ChronDataBreaches.htm. 

164  See  EPIC’s  Page  on  REAL  ID  and  Domestic  Violence,  http://www.epic.org/privacy/dv/real_id.html. 
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address  privacy.  The  proposed  regulations  override  these  substantial  protections,  and  the 
overrides  must  be  removed  from  the  final  regulations.  The  government  must  not  make  it 
easier  for  abusers  to  find  their  victims. 

State  Address  Confidentiality  Programs  are  an  important  tool  for  protecting  the 
safety  of  domestic  violence  and  sexual  assault  victims.  Currently  20  states  have  address 
confidentiality  programs.16'  Generally,  under  such  programs,  domestic  violence  or  sexual 
assault  victims  register  with  the  secretary  of  State  or  their  attorney  general.  The  victim  is 
provided  an  address  with  that  State  office,  which  forwards  the  mail  received  there  to  the 
enrollee's  residential  address.  This  State  office  address  is  used  in  official  correspondence 
with  the  State,  though  businesses  are  not  usually  required  to  use  it. 

The  REAL  ID  Act  requires  that  driver’s  licenses  include  a  person’s  “address  of 
principal  residence."166  This  requirement  effectively  destroys  state  address 
confidentiality  programs.  The  recent  Violence  Against  Women  and  Department  of  Justice 
Reauthorization  Act  (“VAWA")  included  a  requirement  for  DHS  to  “consider  and 
address"  the  needs  of  certain  groups  when  the  agency  is  “developing  regulations  or 
guidance  with  regard  to  identification  documents,  including  driver's  licenses,”16  These 
groups  include  domestic  violence  and  sexual  assault  victims  who  are  entitled  to  be 
enrolled  in  State  address  confidentiality  programs;  whose  addresses  are  entitled  to  be 
suppressed  via  court  order  or  State  or  Federal  law;  or  whose  information  is  protected 


165  See ,  Nat’l  Conference  of  State  Legislatures,  Stales  With  Address  Confidentiality  Programs  for  Domestic 
Violence  Survivors,  http://www.ncsl.org/programs/cyf/dvsurvive.htm  (listing  19  states,  not  including 
Maryland  but  including  Illinois  which  is  unfunded);  See  also.  Maryland  Safe  At  Home  Address 
Confidentiality  Program,  http://www.sos.state.md.us/ACP/Information.htm. 

166  Pub.  L.  No.  109-13,  §  202(b)(6).  1 19  Stat.  231,312(2005). 

167  Pub.  L.  No.  109-162,  §  827,  1 19  Stat.  2960,  3066  (2005). 
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from  disclosure  according  to  Section  384  of  the  Illegal  Immigration  Reform  and 
Immigrant  Responsibility  Act  1996. 168 

In  the  draft  regulations,  DHS  has  not  followed  the  VAWA  requirement;  instead, 
the  agency  has  significantly  reduced  the  protections  afforded  by  these  programs.  The 
proposed  regulations  require  that  addresses  of  principal  residence  be  placed  on  the  face  of 
the  REAL  ID  card  and  include  some  exemptions  from  this  requirement,  such  as  one  for 
those  enrolled  in  Federal  Witness  Security  Programs.16'1  The  regulations  also  exempt 
those  who  are  enrolled  in  State  address  confidentiality  programs.1  11  This  is  not  the  same 
as  creating  an  exemption  for  those  who  are  "entitled  to  be  enrolled  in  the  programs,  as 
stated  under  the  Violence  Against  Women  Act."  In  its  discussion  of  the  proposed  rule, 
DHS  does  propose  to  include  an  exemption  for  those  who  are  "entitled  to  be  enrolled"  in 
state  address  confidentiality  programs.171  DHS  must  include  this  exemption  in  the  final 
regulations.  It  cannot  be  that,  as  currently  stated  under  the  draft  regulations,  only  those 
actually  enrolled  in  State  Address  Confidentiality  Programs  would  be  exempted  from  the 
requirement  to  display  their  residential  addresses  on  the  face  of  the  REAL  ID  card.  Many 
domestic  violence  and  sexual  assault  victims  who  are  entitled  to  enroll  in  State  Address 
Confidentiality  Programs  are  not  actually  enrolled,  for  a  variety  of  personal,  safety  and 
logistical  reasons.  They  should  not  be  punished  for  not  actually  enrolling  in  the  program. 

In  order  to  adequately  "consider  and  address"  the  needs  of  those  who  are  “entitled 
to  be  enrolled”  in  a  State  confidentiality  program,  DHS  must  permit  States  to  allow  those 
who  are  entitled  to  be,  but  are  not  in  address  confidentiality  programs  to  be  exempted 

,6S  Violence  Against  Women  and  Department  of  Justice  Reauthorization  Act  of  2005.  Pub.  L.  No.  109-162, 

§  827,  1 19  Stat.  2960,  3066  (2005). 

,6''  REAL  ID  Draft  Regulations  at  10854,  supra  note  I . 

170  Id.  at  10854. 
m  Id.  at  10836. 
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from  the  address  of  principal  residence  requirement.  DHS  should  allow  individuals  to 
affirm  that  they  fear  victimization  and  would  benefit  from  address  confidentiality.  It 
would  be  problematic  to  burden  State  motor  vehicle  agencies  with  the  determination  of 
who  is  entitled  to  be  enrolled  in  an  address  confidentiality  program.  States  could  rely  on 
the  affirmation,  rather  than  making  a  determination  of  the  merits  of  an  individual’s  need 
for  confidentiality.  This  would  close  the  gap  between  those  domestic  violence  and  sexual 
assault  victims  who  are  “entitled  to  be  enrolled"  and  those  who  are  actually  enrolled  in 
State  Address  Confidentiality  Programs. 

Also,  though  the  proposed  rule  exempts  from  the  residential  address  requirement 
those  whose  addresses  are  “entitled  to  be  suppressed  under  State  or  Federal  law  or 
suppressed  by  a  court  order,"  this  statement  should  be  clarified  to  include  States  that 
generally  allow  individuals  to  display  on  licenses  and  ID  cards  an  address  other  than  their 
principal  place  of  residence.172  Several  States  generally  allow  non-residential  addresses  to 
be  on  driver’s  licenses.  Currently,  at  least  seven  States  permit  an  address  other  than  a 
residential  address  to  be  listed  on  licenses  or  ID  cards  (California.1 73  Florida.1  4 
Montana,17'  New  Mexico,1  6  Oklahoma.1  Wyoming,1  ,s  and  Virginia179).  For  example, 
under  Virginia's  law,  an  applicant  may  choose  to  list  a  post  office  box,  business  or 
residential  address.  The  applicant  is  still  required  to  provide  their  residential  address 


l7:  REAL  ID  Draft  Regulations  at  10854.  supra  note  1 . 
I7-’  Cal.  Veh.  Code  §  1281 1(a)(1)(A). 

174  Fla.  Stat.  Ann.  §  322. 14(  1  )(a). 

175  Mont.  Code.  Ann.  §  61-5-1 1 1. 

176  N.M.  Stat.  Ann.  §  66-5-15  (1978). 

177  Okla.  Stat.  Ann.  tit.  47,  §  6- 1 1 1  ( A)(  1 ). 

178  Wyo.  Stat.  Ann.  §  31-7-1 15(a)(iii). 

179  Va.  Code  Ann.  §  46.2-342(A  1). 

180  Id. 
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for  motor  vehicle  department  records,  but  this  residential  address  is  not  displayed  on  the 
license  or  ID  card.181 

Domestic  violence  survivors,  other  crime  victims,  or  those  generally  interested  in 
protecting  their  privacy  avail  themselves  of  these  State  laws  to  keep  their  addresses 
confidential.  These  laws  are  the  only  way  that  survivors  can  protect  themselves  in  States 
that  do  not  have  formal  address  confidentiality  programs  -  four  of  those  listed  do  not 
(Montana,  New  Mexico,  Virginia  and  Wyoming).  These  general  address  privacy  laws  are 
also  the  only  way  that  those  who  fear  victimization,  but  who  do  not  formally  qualify  for 
State  Address  Confidentiality  programs,  can  protect  themselves. 

Without  this  exemption  allowing  States  to  permit  any  individual  to  protect  her 
privacy  by  listing  a  non-residential  address,  the  victims  of  domestic  violence  and  sexual 
abuse  will  also  face  the  embarrassment  of  disclosing  that  they  are  victims  anytime  that 
their  identification  is  shown.  There  are  few  exceptions  from  the  residential  address 
requirement,  and  anyone  holding  a  REAL  ID  card  without  the  residential  address  listed 
would  immediately  be  placed  into  one  of  these  few  categories. 

B.  National  Database  Threatens  Security  of  Victims  of  Abuse  Crimes 

The  draft  regulations  require  that  States  provide  electronic  access  to  their  motor 
vehicle  database  information  to  all  other  States.18'  Survivors  who  flee  their  abusers, 
crossing  into  different  states,  will  be  exposed  if  their  abuser  breaches  the  security  of  any 
one  of  these  interconnected  databases.  An  abuser  with  an  associate  inside  a  State  DMV, 
law  enforcement,  or  other  agency  with  access  to  the  State  records  would  be  able  to  track 
a  victim  as  the  victim  moves  across  the  country. 

181  Id. 

182  REAL  ID  Draft  Regulations  at  10,856,  supra  note  I. 
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The  danger  of  negligent  and  accidental  disclosures  is  increased  by  REAL  ID,  as 
substantially  more  government  employees  will  have  access  to  all  motor  vehicle  records 
nationwide.  One  example  of  accidental  disclosure  occurred  in  Wisconsin  earlier  this  year 
—  a  police  officer  disclosed  a  victim’s  address,  found  in  a  DMV  record  to  a  stalker;  the 
officer  did  not  know  that  the  victim  had  a  restraining  order  against  this.11"  This  sort  of 
inadvertence  would  happen  much  more  frequently  in  a  post-REAL  ID  world,  as  access  to 
personal  information  is  spread  throughout  the  national  identification  system.  Intentional 
breaches  by  outsiders  or  authorized  insiders  abusing  their  power  would  also  have  a  wider 
scope.  Past  abuses  exemplify  what  can  be  expected  in  a  nationwide  scale.  For  example,  in 
Arizona,  a  police  officer  admitted  to  accessing  motor  vehicle  records  to  find  personal 
information  on  women  he  was  romantically  interested  in,  as  well  as  co-workers.184  If 
REAL  ID  is  implemented,  abusers  and  insiders  would  have  access  to  records  throughout 
the  country  and  would  be  able  to  track  their  victims  no  matter  where  they  flee. 

C.  Proposed  Background  Check  Procedures  Do  Not  Fully  Protect  Victims  of 
Abuse  Crimes 

DHS  proposes  that  certain  government  employees  be  subject  to  criminal  history 
background  checks,  with  certain  offenses  disqualifying  employees  from  specific  jobs 
related  to  the  REAL  ID  national  identification  system.  Covered  employees  would  be 
limited  to  those  who  could  affect  the  recording  of  information,  the  manufacture  of  REAL 
ID  cards,  or  the  information  displayed  on  a  card.186  Employees  who  can  access  the  record 
information  without  the  ability  to  edit  it  are  not  subject  to  the  background  check 

183  Kevin  Murphy,  Officer's  Actions  will  Cost  25.000.  GazetteXtra,  Feb.  15.  2007,  available  at 
http://www.gazetteextra.com/mezera02 1 507.asp. 

184  Michael  Kiefer,  Officer  Admits  to  Tampering;  Databases  Used  to  Check  on  Women,  ARIZONA 
Republic,  April  6,  2006,  at  B3. 

185  REAL  ID  Draft  Regulations  at  10,855.  supra  note  1. 

186  Id.  at  10,856. 
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requirement.  This  massive  loophole  greatly  increases  the  security  and  privacy  risks  of 
domestic  violence  and  sexual  abuse  victims,  as  significant  damage  can  be  done  by 
unauthorized  data  disclosure.  In  order  to  safeguard  against  these  threats,  the  broad 
category  of  those  who  have  access  to  records  should  be  shrunk,  rather  than  increasing  the 
category  of  those  who  are  covered  by  the  background  check  requirement. 

The  suitability  criteria  of  the  background  check  do  not  match  the  threat  of  stalkers 
and  abusers.  DHS  proposes  to  use  the  permanent  and  interim  disqualifying  criteria  in  the 
Transportation  Security  Administration’s  background  checks  for  maritime  and  land 
transportation  security  at  49  C.F.R.  1 572. 1 03. 1  s  The  offenses  include  espionage, 
sedition,  treason,  making  bomb  threats,  and  crimes  involving  transportation  security 
incidents.  Some  of  the  offenses,  such  as  fraud  and  misrepresentation  —  including 
identity  fraud  —  are  relevant  to  the  risks  of  improper  disclosure  and  access  to  the 
records.  However,  crimes  such  as  stalking,  surveillance,  harassment  and  domestic 
abuse  are  not  in  this  list.  These  crimes  must  be  added  to  the  list  of  disqualifying  offenses, 
so  that  the  REAL  ID  system  does  not  create  a  loophole  permitting  abusers  access  to  a 
national  database  that  would  allow  them  to  track  their  victims  no  matter  where  the 
victims  moved. 

D.  REAL  ID  Increases  the  Power  Abusers  Have  Over  Their  Victims 

REAL  ID’s  stringent  document  requirements  will  place  more  power  in  the  hands 
of  abusers.  Fleeing  domestic  violence  or  sexual  abuse  can  be  a  sudden  and  dramatic  step. 
Victims’  advocates  often  counsel  their  clients  to  prepare  “safety  plans,”  which  include 


187  Id.  at  10,856. 

188  49  C.F.R.  1572.103(a). 

189  Id.  at  1 572. 1 03(b)(2)(iii). 
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gathering  key  documents  such  as  passports,  visas,  and  birth  certificates.190  The  proposed 
regulations  limit  the  types  of  documents  that  can  be  used  to  prove  identity,  which  create 
problems  for  many  groups,  including  abuse  victims.191  The  draft  regulations  permit 
exceptions  for  those  who  do  not  have  the  required  documents  “for  reasons  beyond  their 
control.”192  The  exception  requires  that  the  records  “visibly  indicate”  that  alternative 
documentation  was  accepted  and  that  a  “full  explanation"  of  the  reason  be  included  in  the 
record.193  Thus  victims  will  face  the  embarrassment  of  having  intimate  details  of  the 
abuse  they  have  suffered  included  in  a  national  database  accessible  to  thousands  of 
government  employees  across  the  nation.  The  “for  reasons  beyond  their  control” 
exception  must  specifically  include  abuse  victims,  so  that  they  may  not  be  punished  for 
leaving  their  abusers.  The  visible  indication  and  “full  explanation"  included  in  the 
records  should  be  limited  to  the  statement  that  alternative  documents  were  accepted  “for 
reasons  of  personal  safety,”  so  that  victims  need  not  expose  the  history  of  their  abuse  to 
anyone  who  could  view  their  DMV  records. 

Another  problem  is  that  this  “for  reasons  beyond  their  control”  exception  does  not 
apply  to  those  who  must  demonstrate  lawful  immigration  status.194  Under  the  draft 
regulations,  the  demonstration  of  lawful  status  would  require  documents  that  an  abuser 
would  likely  have  control  over.  Abusers  of  immigrants  who  are  able  to  control  their 
victims  immigration  documents  will  be  able  to  control  the  victim’s  ability  to  obtain  a 

190  E.g.,  Oakland  County  Coordinating  Council  Against  Domestic  Violence,  Domestic  Violence  Handbook 
-  Personalized  Safety  Plan,  at  http://www.domesticviolence.org/plan.html  (last  visited  Mar.  30,  2007) 
(“Items  to  take,  if  possible. . .  Birth  Certificates  . . .  Social  security  cards  . . .  Passports,  green  cards,  work 
permits”). 

191  REAL  ID  Draft  Regulations  at  10,852.  supra  note  1 ;  see  Data  Verification  discussion,  supra  Section  VI 
(general  problems  with  the  standards). 

192  REAL  ID  Draft  Regulations  at  10,852,  supra  note  I . 
mld. 

mld. 
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REAL  ID  card  or  license.  The  “for  reasons  beyond  their  control”  exception  must  be 
extended  to  those  victims  who  must  prove  lawful  immigration  status,  so  that  the  abusers 
cannot  use  these  documents  to  trap  their  victims  into  staying  in  abusive  situations.  The 
exception  permitting  those  who  do  not  have  access  to  documents  to  use  alternative 
documentation  should  be  extended  to  the  proof  of  lawful  immigration  status.  Here,  also, 
the  visible  indication  and  “full  explanation”  included  in  the  victims’  DMV  records  should 
be  limited  to  the  statement  that  alternative  documents  were  accepted  “for  reasons  of 
personal  safety,”  so  that  victims  need  not  expose  the  history  of  their  abuse  to  anyone  and 
everyone  who  could  view  their  DMV  records. 

XII.  Metasystem  of  Identification  Is  Better  Choice 

Once  personal  data  has  fallen  into  the  hands  of  an  identity  thief,  the  potential  for 
its  misuse  is  proportionate  to  the  extent  that  the  information  can  be  used  for  illegitimate 
authentication.  We  have  already  explained  why  a  universal  identifier  will  not  improve 
security.  Rather  than  promoting  the  use  of  universal  identifiers,  EPIC  advocates  the 
distribution  of  identity  or  an  identity  metasystem  in  which  authentication  is  confined  to 
specific  contexts  in  order  to  limit  the  scope  for  potential  misuse.  The  danger  of  a  single 
identifier  is  that  the  harm  will  be  magnified  when  it  is  compromised. 

A  system  of  distributed  identification  reduces  the  risks  associated  with  security 
breaches  and  the  misuse  of  personal  information.  For  example,  a  banking  PIN  number,  in 
conjunction  with  a  bank  card,  provides  a  better  authentication  system  because  it  is  not 
coupled  with  a  single,  immutable  consumer  identity.  If  a  bank  card  and  PIN  combination 
is  compromised,  a  new  bank  card  and  PIN  number  can  be  issued  and  the  old  combination 
cancelled,  limiting  the  damage  done  by  the  compromised  data.  Drawbacks  of  such 
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